Hello, I am trying to enable all file and directory inputs for the Linux add-on, but every time I attempt to save the new configuration I get an error that Splunk encountered an unexpected problem and can't complete the task and to reload the page. No matter how much I reload or even hard stop and reset the server the result is the same. Any help is appreciated.
Still doesn't work. I really don't understand what the problem is with my search when it parses correctly in the search app, but fails in the new suppression wizard.
Hi @2MuchC0ff33, it's strange because when I run a normal search string outside of the New Suppression setup wizard/box I get no errors. But when I input the same thing into the box and attempt to save, I get the error. Nonetheless, unfortunately neither one worked and I still can't figure out why it won't accept the string.
Thank you 2MuchC0ff33. I did a lot of searching to try and make sure I would only be whitelisting confirmed non-malicious stuff while still allowing Splunk to do its job. However, I have run into an issue while suppressing. Apparently my search cannot be parsed correctly. Here it is:
| from datamodel:"Change"."Network_Changes" | search dvc="17x.xx.x.*" command="!exec: enable"
Not sure what the issue is, but any help is appreciated. Thank you again!
Hello,
How do I effectively whitelist events like excessive failed logins and abnormal new processes? These are known, non-malicious issues in our network that generate a lot of hits that do not amount to anything upon extensive investigation.
Thanks in advance.