McAfee has modified the db schema in its latest release of EPO. There's a new table called EPExtendedEventMT and the syntax for the changes to your SQL statement in DB Connect needs to be as follows:
[EPExtendedEventMT].[field_to_be_retrieved] as [desired_field_name_in_Splunk]
We expect these changes to be supported in a future release of our TA. For now, follow the steps below.
In order to capture the process name, which has now been moved to a new table in the latest version, the query needs to be modified as follows.
Replace
[EPOEvents].[SourceProcessName] as [process]
With
[EPExtendedEventMT].[TargetName] as [process]
After FROM [EPOEvents]
Add
left join [EPExtendedEventMT] on
[EPOEvents].[AutoID] = [EPExtendedEventMT].[EventAutoID]
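The query edit described in the post above, run end to end as an added example (not part of the original post or of the Splunk TA). It assumes SQLite as a stand-in for the ePO SQL Server database, constructed rows, and a hypothetical `event_id` alias; only the table and column names quoted in the post are used. It also shows why the join is a left join: events with no row in [EPExtendedEventMT] are still returned, with an empty process field, instead of being dropped.

```python
import sqlite3

# Constructed stand-in for the ePO database: SQLite instead of SQL Server,
# holding only the columns named in the post. All rows are made up.
SCHEMA = """
CREATE TABLE [EPOEvents] ([AutoID] INTEGER PRIMARY KEY, [SourceProcessName] TEXT);
CREATE TABLE [EPExtendedEventMT] ([EventAutoID] INTEGER, [TargetName] TEXT);
INSERT INTO [EPOEvents] VALUES (1, NULL), (2, NULL), (3, NULL);
INSERT INTO [EPExtendedEventMT] VALUES (1, 'powershell.exe'), (3, 'winword.exe');
"""

# Query shape after the edit from the post. [event_id] is a hypothetical
# alias added here so each output row can be traced back to its event.
MODIFIED_QUERY = """
SELECT [EPOEvents].[AutoID] as [event_id],
       [EPExtendedEventMT].[TargetName] as [process]
FROM [EPOEvents]
left join [EPExtendedEventMT] on
    [EPOEvents].[AutoID] = [EPExtendedEventMT].[EventAutoID]
ORDER BY [EPOEvents].[AutoID]
"""


def build_db():
    """Create the in-memory sample database."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def run(conn, query):
    """Return all rows of the query as (event_id, process) tuples."""
    return conn.execute(query).fetchall()


def missing_process(rows):
    """Event ids that reached the output without a process value."""
    return [event_id for event_id, process in rows if process is None]


if __name__ == "__main__":
    conn = build_db()
    rows = run(conn, MODIFIED_QUERY)
    for row in rows:
        print(row)
    # An inner join would silently drop event 2 from what gets indexed.
    inner = run(conn, MODIFIED_QUERY.replace("left join", "inner join"))
    print("kept by left join only:", missing_process(rows), "inner rows:", len(inner))
```

Running `missing_process` over a sample of the real query output is a quick way to see how many events arrive without a process name after the schema change.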
Download and install the Splunk add-on for Windows if you have not already done so.
https://splunkbase.splunk.com/app/742/#/details
It needs to be installed both where the Universal Forwarder is installed and on your Splunk Enterprise server. If you have a separate indexer and search head, then install it on the search head as well.
The compressed file you download needs to be uncompressed and placed in the following directory: $Splunk_Home/etc/apps
On the Universal Forwarder only, enable data collection by setting the Disabled parameter in inputs.conf to 0. Restart your Universal Forwarder after editing inputs.conf using Notepad.
Check the following index for data depending on what you’re collecting.
index=windows
index=wineventlog
index=perfmon
You can't achieve what you are trying to do with HTML. As stated above, you need to use CSS. With CSS, things can get somewhat complicated very quickly trying to cover all browsers/versions. So, you're better off using JavaScript. There are plenty of plugins out there that will let you do so quite easily. Here's an example: http://jsfiddle.net/euka4rm3/