Given the event (output from Cisco ASA 'show vpn-sessiondb full svc' command)...
Session ID: 33397 | EasyVPN: 0 | Username: user@company.com | Group: VPN-User | Tunnel Group: WebVPN-AD-Authentication | IP Addr: 192.168.1.1 | Public IP: 184.151.1.1 | Protocol: Clientless SSL-Tunnel DTLS-Tunnel | License: SSL VPN | Session Subtype: With client | Encryption: RC4 AES128 | Login Time: 15:35:44 EST Tue Nov 22 2011 | Duration: 0h:00m:35s | Inactivity: 0h:00m:00s | Bytes Tx: 20277 | Bytes Rx: 19574 | NAC Result: Unknown | Posture Token: | VLAN Mapping: N/A | VLAN: 0 ||
... I am able to extract the key-value pairs using:
**props.conf**
[vpnsessiondata]
DATETIME_CONFIG=CURRENT
REPORT-sessiondata=sessiondata
**transforms.conf**
[sessiondata]
DELIMS = "|", ":"
The problem during searches is that a field is ignored if the character delimiting the key from the value (":" in this case) is also contained within the value (any time value for instance).
How can I deal with this?
Thanks! Jeff
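The failure described in the question, as an added example that is not part of the original post: a Python sketch comparing a split on both delimiter characters with a regex that treats only the first ":" of each pair as the key/value separator. `parse_naive` is a simplified model of the behaviour the post reports, not Splunk's actual implementation; the function names and the shortened sample event are assumptions.

```python
import re

# Sample event taken from the post, shortened to the fields that matter here.
EVENT = (
    "Session ID: 33397 | Username: user@company.com | "
    "Protocol: Clientless SSL-Tunnel DTLS-Tunnel | "
    "Login Time: 15:35:44 EST Tue Nov 22 2011 | Duration: 0h:00m:35s | "
    "Posture Token: | VLAN Mapping: N/A | VLAN: 0 ||"
)


def parse_naive(event):
    """Simplified model of character-delimiter parsing (assumption):
    '|' separates pairs and every ':' is a key/value separator, so a pair
    that does not split into exactly two tokens is dropped."""
    fields = {}
    for pair in event.split("|"):
        tokens = [t.strip() for t in pair.split(":")]
        if len(tokens) == 2 and tokens[0]:
            fields[tokens[0]] = tokens[1]
    return fields


# Key: text up to the FIRST ':' of a pair (no '|' or ':' allowed in it).
# Value: everything after that ':' up to the next '|' or end of event,
# so later colons (timestamps, durations) stay inside the value.
PAIR_RE = re.compile(r"\s*([^|:]+?)\s*:\s*([^|]*?)\s*(?=\||$)")


def parse_first_colon(event):
    """Extract key/value pairs, splitting each pair on its first ':' only."""
    return dict(PAIR_RE.findall(event))


def dropped_fields(event):
    """Fields the naive split loses but the first-colon regex keeps."""
    return sorted(set(parse_first_colon(event)) - set(parse_naive(event)))


if __name__ == "__main__":
    print("lost by delimiter split:", dropped_fields(EVENT))
    for key, value in parse_first_colon(EVENT).items():
        print(f"{key!r}: {value!r}")
```

The empty `Posture Token` value is kept as an empty string rather than dropped, which keeps the field present for sessions where the ASA reports no token.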