I'm trying to address the new "check_for_vulnerable_javascript_library_usage" check in AppInspect as it's required for apps to run in Splunk Cloud after February. However, I get results like: 3rd party CORS request may execute parseHTML() executes scripts in event handlers jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution Regex in its jQuery.htmlPrefilter sometimes may introduce XSS Regex in its jQuery.htmlPrefilter sometimes may introduce XSS  which doesn't really tell me how to proceed. Is there a way I can figure out what's actually causing these errors?

Hello, Trying to align a checkbox input to the top by removing the label on top. Even if i leave the label tag empty, it takes up space (&nbsp).     This css does not seem to work. Would appreciate any suggestions. div[id^="showSummary"] >label { display:none !important; }   Below is the complete xml source. <form hideChrome="true" hideSplunkBar="true" hideAppBar="true" hideEdit="false" hideTitle="false" theme="dark"> <label>Checkbox test</label> <fieldset submitButton="false" autoRun="true"></fieldset> <row> <panel id="viewDetail"> <input type="checkbox" id="showSummary" token="show_summary" searchWhenChanged="true"> <label>x</label> <choice value="summary">Summary</choice> </input> </panel> </row> <row depends="$alwaysHideCSSStyle$"> <panel> <html> <style> div[id^="showSummary"] >label { display:none !important; } </style> </html> </panel> </row> </form>

Hi all! I've always had a pretty straight forward approach to bringing in my Palo logs straight to an on-prem Search Head / Indexer just via port 514 / syslog. That's a pretty straight forward setup. I'm trying to set up the more recommended way, now that my Splunk Search Head / Indexer is hosted at AWS. SO, I set up a Universal Forwarder on an Ubuntu Server on the same network as my Panorama instance and am sending the Panorama syslog feed to the UF - running syslog-ng. I see those log files coming in and saving to /var/log/udp514.log. I set up the UF to connect as a forwarder to the Splunk instance on port 9997 and have added /var/log/514.log to be monitored via "./splunk/add monitor /var/log/udp514.log". I see that logging on the UF and then coming in to Splunk, but it is all logging to the main index.  Logically I know that either on the UF or on the Splunk indexer I need to use the PA app to tell it to log to my paloalto index, but I don't know where. I can't seem to add a data input to also listen on 9997. That seems to be a conflict and my normal method of looking for logs on port 514 doesn't apply anymore...  So how do I tell my Splunk indexer to look at the stream coming in on 9997 and move the logs associated with Palo Alto over where the app is looking for it (index=paloalto)? I'll also be logging much more to the UF soon as well...

As follows if <condition-based-on-token-value> then query_1 else query_2where query_1 and query_2 may be a series of statements producing different sets of data.   Given a search query can be embedded in a panel, it might achieve the equivalent results, if there were a way to have conditional panel selection: if <condition-based-on-token-value> then panel_with_query_1 else panel_with_query_2 (The above idea is inspired by @mmccul) but I don't know if it's possible to have such panel selection mechanism with Simple XML of Splunk?Or alternatively, if I could control the visibility of a panel based token value, then I might also achieve the panel selection mechanism: define two panels with visibility control by the token value the controls are mutually exclusive, so that only one panel will be shown I'd appreciate some pointers or examples. (edited)   

Hello, I am stuck and need assistance regarding below topic. I have a dashboard with multiselect filter. When a click on drilldown view, the URL is not converting "%20" to "&". This is the result URL when I click the drilldown view. https://.....&form.token1=value1%26form.TPC_1%3Dvalue2 This same code and logic is working for tables and stats. I have used the same code there and it is working fine. But in this dashboard I have used Chart and here it is not working. The correct result what I should get is https://.....&form.token1=value1&form.TPC_1=value2 I am not sure why %26 is not converted to "&" and %3D to "=" And in filter, we can see this is converted to & and = but not in URL. Due to copyright issue, I have replaced the original value to Value1 and token as field1 Below mentioned is the code used for drilldown link. <condition> <eval token="trans_field1">replace("".$form.field1$,",","&amp;form.field1="</eval> <link target="_blank">$details_dashboard$?form.field1=$trans_field1$</link> </condition> Any work around?

Hi Experts, We performed "check_for_vulnerable_javascript_library_usage" check for our add-on app. As per report we need to upgrade jquery version. We have one common.js file which is minified js and located in following directory - appserver/static/js/build/common.js  Could you please suggest how can we upgrade the jquery version in this minified js file? I went through article - https://dev.splunk.com/enterprise/docs/developapps/visualizedata/updatejquery/?_ga=2.112247757.872217667.1643345201-285550.1643345200 but the steps mentioned here aren't applicable in my case. I am add-on app's tgz file and need to update the jquery version.   Appreciate any inputs on this.   Best regards, Saurabh

Hi all, Im attempting to create a graph that plots total number of events over time. I have tried various usages of timechart, which does not have the desired effect.    sourcetype=* index=* | timechart span=1h count     This yields the following result:   The total number of events in this example is 16, however the data points on the graph correspond to imports and go from 0 -> 13 -> 3. Is there any way I can plot the total number of events over time (so the 3 data point actually becomes 16)?   Thanks in advance for any assistance.