Hello,  Have you performed this workaround? It has worked? Thanks. ... View more

Speaking from knowledge of the Splunk Add-on for Tenable with respect to pulling Tenable Security Center vulnerability data, it pulls the data available from scans after the last checkpoint. There's no intelligence with respect to past scans. Concrete example: If you create a scan to run daily in SC and you have your Add-on checking data every 60 seconds, the timeline is simply that once your scan finishes on one day, the next data collection pass (between 0 and 60 seconds from then) will collect all the information that scan contains. The next day the exact same thing happens - the scan runs, Splunk sees a finished scan result so it pulls that in its entirety in as well. That does complicate some things slightly, but makes the overall end user methods of getting information on dashboards more consistent in that you always have to use max() and last() type stats functions on scans. ... View more

How about this SPL leveraging sed-mode of rex... | makeresults | eval str="The foo is bar. baz is fine. what?" | rex mode=sed field=str "s/\.( +)([a-z])/. \1__\2__/g s/__a__/A/g s/__b__/B/g s/__c__/C/g s/__d__/D/g s/__e__/E/g s/__f__/F/g s/__g__/G/g s/__h__/H/g s/__i__/I/g s/__j__/J/g s/__k__/K/g s/__l__/L/g s/__m__/M/g s/__n__/N/g s/__o__/O/g s/__p__/P/g s/__q__/Q/g s/__r__/R/g s/__s__/S/g s/__t__/T/g s/__u__/U/g s/__v__/V/g s/__w__/W/g s/__x__/X/g s/__y__/Y/g s/__z__/Z/g" Ugly, but effective. I use a variant (that doesn't require a period) to capitalize every word in a fragment for display in a table. ... View more