...hat sends this to their email. How can I create a dashboard that sends you a "report is running" message, aggregates multiple reports (passing tokens all the way down to each), and sends to your email?
...or email related logs. And after that, I have to create an alias so that "ExchangeDetails.Recipients{}" is equivalent to "recipient" as indicated in the datamodel. Is that correct? Thank you for y...
...]
The problem appears when I try to use a datamodel in subsearches - the following does not work (shows "No results found"):
| set diff [| datamodel WebScan Exchanges search | search scanId=1...
For Exchangemessage trace logs I am extracting the user as following in the props.conf file:
EXTRACT-user = "RecipientAddress":"(?<user>\S+)@
I would also like to extract the user f...
...roblem is that the count where it shows how many emails were sent to a recipient is broken. Not sure if this search comes with ES or not but in the datamodel, it shows that this is a calculated field f...
...INFO dispatchRunner - registering search time components of build time module name=vix
09-25-2018 06:17:18.357 INFO dispatchRunner - Getting search configuration data from: /opt/splunk/etc/m...