Hi community, I have the need to store encrypted password used in a python script. I've created the app with its setup.xml page and the app is deployed on a search head cluster. The problem is that under Manage Apps I cannot see "Set Up" button and if I click on "Launch App" I get 404 - not found.   This is my setup.xml file   <setup> <block title="New Crdential" endpoint="storage/passwords" entity="_new"> <input field="name"> <label>Username</label> <type>text</type> </input> <input field="password"> <label>Password</label> <type>password</type> </input> </block> </setup>     This is my app.conf file:   [install] is_configured = 0 [ui] is_visible = 1 label = my app [launcher] author = Marta Benedetti description = my app version = 1.0.0     Any idea?   Thanks a lot Marta ... View more

Hi community, starting form a custom commands that returns a list of hostnames, I have the need to filter out: platform != osx domain NOT IN ("domain2", "domain3") domain=domain1 hostname IN ("host1*","host2*")    In order to do so I'm trying different versions but I can't get the result I want.  With this search I can olny get these domain=domain1 hostname IN ("host1*","host2*")  but all the hostname in a different domain than domain2 and domain3 are missing.       | getfe | search platform != "osx" (domain =domain1 hostname IN ("host1*","host2*")) | append [search NOT domain IN ("domain2", "domain3", "domain1")]         Can you please help me? I know I'm missin   Thanks a lot Marta ... View more

Hi community, I need help in parsing events containing not pure json. This is the raw event:   May 28 15:00:15 sd960evo ESS|2.1.0.0 {"User":"SD960EVO\\WinCash","ObjectName":"C:\\PROGRAM FILES\\NCR\\UAHELPER\\XFSTOOL.EXE","Sha256":"6E3B72786B24A85BA657D8298783402DA5237A864ADE989B7B013DEFE65BEDCF","CmdLine":"\"C:\\Program Files\\NCR\\UAHelper\\XFSTool.exe\" \"C:\\Program Files\\NCR APTRA\\Unified Agent\\WS\\bin\\FileUpload\" PIN30\u0000","ParentName":"C:\\Program Files\\NCR\\UAHelper\\UAHelperService.exe\u0000","ProductName":"","FileVersion":"0.0.0.0","EnforcedPolicy":"Deny","DefaultPolicy":"Deny","MatchedRules":"","Issuer":"","Thumbprint":"","Valid":"No","DefaultDeny":"Yes","ActionMask":"-2147483390"}\r\n     This is my props.conf    [kaspersky:syslog] TIME_PREFIX = ^ TIME_FORMAT = %b %d %T EXTRACT-device = \w+\s+\d+\s+\d+\:\d+\:\d+\s+(?<device>[^\s]*)\s+.* EXTRACT-app = \w+\s+\d+\s+\d+\:\d+\:\d+\s+\S+\s(?<app>[^\s]*)\s+.* REPORT-json = report-json,report-json-kv     This is my transforms.conf file   [report-json] # This will get the json payload from the logs. REGEX = (?P<json1>{.+}) # Manually extract JSON key-value [report-json-kv] REGEX = \"(\w+)\":[\s]*\"([^\,\}\"]+) FORMAT = $1::$2 MV_ADD = true     I've tried regex to extract device, app, json1 at search time with rex command and it's working fine. Do you have any ideas? Do you have better solution to parse this log?   Thank you very much ... View more

Hi community, I need to  create Jira issues based on alerts in Splunk and  I think that this add-on might be the right one:  https://splunkbase.splunk.com/app/5037/#/details I work in a distributed environment, with a search head cluster. I think that the add-on should be installed on a search head based on its functionality but I couldn't find any doc about it. If that is right, do you know if search head cluster is supported?   Thank you in advanced   Marta     ... View more