About anwarmmian

anwarmmian · ‎12-16-2021

Try: s3_file_decoder = CloudTrail

anwarmmian · ‎04-19-2021

_TCP_ROUTING in the default stanza should work, but it didn't work for me either.

anwarmmian · ‎03-25-2021

One option is to click in the hour glass next to the down arrow. It will open the search on a new window and you can download it from there.

anwarmmian · ‎10-22-2020

sean_auditum, I have had the same issue. I wanted to redirect WinEventLog:Setup and XmlWinEventLog:Security to a different index as the logs were/are coming in main index. I have had a similar stanza as yours except I had "REGEX = ." in transforms.conf to send all logs to a different index. However, WinEventLog:Setup working but XmlWinEventLog:Security is not. Still investigating. I'll provide an update once I resolve this issue.

anwarmmian · ‎08-31-2020

rsimmons gave a good answer. You can also change that by going to Settings --> Searches, reports and alerts choose the report and go to Advanced Edit display.visualizations.show and change the value to "0"

Posts	5
Solutions	0
Karma Given	0
Karma Received	1
Member Since	‎08-31-2020

Online Status	Offline
Date Last Visited	‎05-08-2022 11:51 PM

Re: SQS Based Input from S3: Assign different sour...

Re: Can I set _TCP_ROUTING in the default stanza f...

Re: Why export button is grayed out in some of my ...

Re: Windows Event Index redirects

Re: How do I remove the chart on the top of the PD...