cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
laklubinsplunk
New Member
Member since: ‎02-12-2020
‎06-21-2020
Community Statistics
Posts 5
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎02-12-2020
Activity Feed
View All

Re: Symantec TA field Extractions not working

by in Splunk Search
‎03-31-2020 12:23 PM
‎03-31-2020 12:23 PM
REGEX = ^(?i)(?:[[sep_file_prefix]]),\s*(?[[sep_file_field]]),\s*(?[[sep_file_field]]),?\s*(?[[sep_file_field]])?,\s*(?[[sep_file_field]]),\s*(?[[sep_file_field]]),\s*(?[[sep_file_field]]),\s*(?:Begin:\s*(?[[sep_file_field]]))?,\s*(?:End Time:\s*(?[[sep_file_field]]))?,\s*(?[[sep_file_field]]),\s*(?[[sep_file_field]]),\s*(?[[sep_file_field]]),\s*(?[[sep_file_field]]),\s*(?[[sep_file_field]]),\s*(?[[sep_file_field]]),\s*(?[[sep_file_field]]),\s*(?:Domain Name:\s*(?[[sep_file_field]]))?,\s*(?:Action\sType:\s*(?[[sep_file_field]])),\s*File\ssize\s(bytes):\s*(?[[sep_file_field]]),\s*Device\sID:\s*(?[[sep_file_field]]) ... View more

Re: Splunk TA for Symantec Brightmail

by in Splunk Search
‎03-30-2020 01:44 AM
‎03-30-2020 01:44 AM
@to4kawa do you the TA ? ... View more

Re: How to fix the Data Parsing issue for the even...

by in Getting Data In
‎03-04-2020 06:02 AM
‎03-04-2020 06:02 AM
use this regex to extract agt_risk (?i)(?:[[sep_file_prefix]]),\s*(?[[sep_file_field]]),\s*(?:IP\sAddress:\s*(?[[sep_file_field]]))?,\s*(?:Computer\sname:\s*(?[[sep_file_field]]))?,?\s*(?:Source:\s*(?[[sep_file_field]]))?,\s*(?:Risk\sname:\s*(?[[sep_file_field]]))?,\s*(?:Occurrences:\s*(?[[sep_file_field]]))?,\s*(?[[sep_file_field]]),\s*(?[[sep_file_field]]),\s*(?:Actual\saction:\s*(?[[sep_file_field]]))?,\s*(?:Requested\saction:\s*(?[[sep_file_field]]))?,\s*(?:Secondary\saction:\s*(?[[sep_file_field]]))?,\s*(?:Event\stime:\s*(?[[sep_file_field]]))?,\s*(?:Event Insert Time:\s*(?[[sep_file_field]]))?,\s*(?:End Time:\s*(?[[sep_file_field]]))?,\s*(?:Last\supdate\stime:\s*(?[[sep_file_field]]))?,\s*(?:Domain Name:\s*(?[[sep_file_field]]))?,\s*(?:Group Name:\s*(?[[sep_file_field]]))?,\s*(?:Server Name:\s*(?[[sep_file_field]]))?,\s*(?:User\sName:(?[[sep_file_field]])),\s*(?:Source\sComputer Name:\s*(?[[sep_file_field]]))?,\s*(?:Source\sComputer IP:\s*(?[[sep_file_field]]))?,\s*(?:Disposition:\s*(?[[sep_file_field]]))?,\s*(?:Download site:(?[[sep_file_field]]))?,\s*(?:Web\sdomain:\s*(?.))?,\s(?:Downloaded\sby:\s*(?[[sep_file_field]]))?,\s*(?:Prevalence:\s*(?[[sep_file_field]]))?,\s*(?:Confidence:\s*(?[[sep_file_field]]))?,\s*(?:URL\sTracking\sStatus:\s*(?[[sep_file_field]]))?,\s*\s*(?:First\sseen:\s*(?[[sep_file_field]]))?,\s*(?:Sensitivity:\s*(?[[sep_file_field]]))?,\s*(?[[sep_file_field]]),\s*(?:Application\shash:\s*(?[[sep_file_field]]))?,\s*(?:Hash\stype:\s*(?[[sep_file_field]]))?,\s*(?:Company\sname:\s*(?.))?,\s(?:Application\sname:\s*(?[[sep_file_field]]))?,\s*(?:Application\sversion:\s*(?P.))?,\s(?:Application\stype:\s*(?[[sep_file_field]]))?,\s*(?:File\ssize\s(bytes):\s*(?[[sep_file_field]]))?,\s*Category\sset:\s*(?[[sep_file_field]]),\s*Category\stype:\s*(?[[sep_file_field]])?,\s*(?:Location:\s*(?[[sep_file_field]]))?,\s*(?:Intensive\sProtection\sLevel:\s*(?[[sep_file_field]]))?,\s*(?:Certificate\sissuer:\s*(?[[sep_file_field]]))?,\s*(?:Certificate\ssigner:\s*(?[[sep_file_field]]))?,?\s*(?:Certificate\sthumbprint:\s*(?[[sep_file_field]]))?,?\s*(?:Signing\stimestamp:\s*(?[[sep_file_field]]))?,\s*(?:Certificate\sserial\snumber:\s*(?[[sep_file_field]]))? ... View more

Re: Splunk TA for Symantec Brightmail

by in Splunk Search
‎02-23-2020 12:35 AM
‎02-23-2020 12:35 AM
I haven't find any TA or Regex posted in community. ... View more

Splunk TA for Symantec Brightmail

by in Splunk Search
‎02-22-2020 08:41 AM
‎02-22-2020 08:41 AM
Anyone have TA for Symantec brightmail. ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎06-21-2020 04:56 PM