Hi @Ophera  You should reach out to the app developers (support@wiz.io) and request this and hopefully they can get it looked into. Often its just a case of them updating the list of supported versions rather than actually changing the app itself. 🌟 Did this answer help you? If so, please consider: Adding karma to show it was useful Marking it as the solution if it resolved your issue Commenting if you need any clarification Your feedback encourages the volunteers in this community to continue contributing ... View more

Hi @jni  On a UF your options are limited as the others have shared, because the journald input configs are inclusive not negative checks, if you dont have a HF or dont want to send this data from the UF then I think the only other thing you could look as is the lesser-well-known 'force_local_processing' flag in props.conf - Note that this makes the UF process a bit like a HF and may increase CPU usage. For more info check out https://docs.splunk.com/Documentation/Splunk/8.2.12/Admin/Propsconf#:~:text=force_local_processing Example config: ## props.conf ## [yourSourcetype] force_local_processing = true TRANSFORMS-drop_apparmor = drop_apparmor_allow ## transforms.conf ## [drop_apparmor_allow] REGEX = apparmor=ALLOWED DEST_KEY = queue FORMAT = nullQueue 🌟 Did this answer help you? If so, please consider: Adding karma to show it was useful Marking it as the solution if it resolved your issue Commenting if you need any clarification Your feedback encourages the volunteers in this community to continue contributing ... View more

Hi @eholz1  Here is a working example of getting results by SID if it helps.   const splunkjs = require('splunk-sdk'); const service = new splunkjs.Service({ host: "yourSplunkServer", port: 8089, username: "admin", password: "yourPassword", scheme: "https" }); ` Wrap callback-based SDK methods in promises ` function getResults(sid) { return new Promise((resolve, reject) => { service.login((err) => { if (err) return reject(err); service.jobs().fetch((err, jobs) => { if (err) return reject(err); const job = jobs.item(sid); if (!job) return reject(new Error(`Job not found: ${sid}`)); job.fetch((err, job) => { if (err) return reject(err); if (!job.properties().isDone) { return reject(new Error("Job not yet complete")); } job.results({}, (err, results) => { if (err) return reject(err); resolve(results.rows); }); }); }); }); }); } ` Usage with Express ` const express = require('express'); const app = express(); app.use(express.json()); app.post('/getSID', async (req, res) => { try { const sid = req.body.sid; const results = await getResults(sid); res.json({ results }); } catch (err) { console.error(err); res.status(500).json({ error: err.message }); } }); app.listen(3000); 🌟 Did this answer help you? If so, please consider: Adding karma to show it was useful Marking it as the solution if it resolved your issue Commenting if you need any clarification Your feedback encourages the volunteers in this community to continue contributing ... View more