Hi @umithchada , please try this: | rex field=ELAPSED "(?<dd>\d*)\-?(?<hh>\d*)\:?(?<mm>\d*)\:?(?<ss>\d*)$" | eval elapsed_secs=(dd * 86400) + (hh * 3600) + (mm * 60) + (ss*1) | table ELAPSED seconds_elapsed _time You can test the regex at https://regex101.com/r/VfyG4S/1 Ciao. Giuseppe

Hi @Tyrian01 , it's a very slow search, but try: index=nessus source="*2019_04_17_CRIT_HIGH.csv" if you still have these logs, you should be able to find them. The problem could be the retention: how long do you maintain logs in your system? Ciao. Giuseppe

@kymkin  I'm not exactly sure where the install is failing for you, but I can tell you the additional parameters I've successfully used for my install script. Adding the directory of the forwarder program file location. (i.e., C:\ or D:\ drive before the .msi file name) INSTALLDIR_ parameter (determines where install location of the UF program) I add the the license agreement parameter prior to the log collection parameters. Not sure if this actually changes the install process or not. SPLUNKUSERNAME/SPLUNKPASSWORD parameters to set your own admin credentials. /passive end flag (instead of quiet). This is essentially a quiet installation with a progress display. Hope this helps.

I have 1 question. The solution shows the time range in restricted _time. It is possible to expand it into/show in selected time range, which is defined in the time range picker? To the range addinfo.info_max_time, addinfo.info_min_time?

Thanks for the response, when I'm using this line breaker regex  alot of events are missing attaching screenshot as reference. Is there any way i can read that whole file into single payload, If yes this can resolve my issue.   

Interview preparation is like getting ready for a conversation where someone asks you questions to know more about you and your abilities. Here are a few simple tips: Know Yourself: Think about your strengths (things you're good at) and your experiences (things you've done in the past). Understand the Job: Learn about the job you're applying for. What skills are they looking for? How does your experience match those skills? Practice Common Questions: People often ask similar questions in interviews. Practice answering questions like: "Can you tell me about yourself?" "What are your strengths?" "Why do you want this job?" Be Ready to Share Examples: If they ask about your skills, try to give examples from your past experiences. This helps show that you have practical knowledge. Ask Questions: Prepare a couple of questions to ask the interviewer. It shows that you're interested. For example: "Can you tell me more about the team I'll be working with?" "What is the company culture like?" Dress Appropriately: Wear something neat and tidy. It shows that you care about the opportunity. Be on Time: Try to arrive a little early. It gives a good impression. Stay Calm: If you feel nervous, take a deep breath. It's okay to take a moment before answering a question. Follow Up: After the interview, send a thank-you email. It's a nice way to show appreciation.

@quentin_young  Use this link for Splunk Web Framework Component Reference.  https://docs.splunk.com/DocumentationStatic/WebFramework/1.0/ JQuery: https://www.w3schools.com/jquery/default.asp Splunk UI Toolkit: https://splunkui.splunk.com/home Integrating jQuery DataTables Into Splunk: https://hurricanelabs.com/splunk-tutorials/integrating-jquery-datatables-into-splunk-tutorial-part-1/  and so on. Happy Learning if you face any issues, just let us know.   Thanks KV If any of my replies help you to solve the problem Or gain knowledge, an upvote would be appreciated.  

Hello Giuseppe, Noticed it's been over 8 years since you posted your question, but came across this post will searching on how to make a text box empty by default.,,,,same as you were looking to do. Was working on a dashboard today, and thought what character is not ever in event data, and is not a character used by SPL for any reason.  The answer was the:  ~ This worked for me, like a charm, in a dashboard text box:    <initialValue>~</initialValue> <default>~</default> Best regards,    Dennis