This is because url is build from 4 parts (cs_uri_scheme + "://" + cs_host + cs_uri_path + "?" + cs_uri_query) and when cs_uri_query is empty url will be empty. Please adjust the TA and in props.conf instead of: EVAL-url = cs_uri_scheme + "://" + cs_host + cs_uri_path + "?" + cs_uri_query use: EVAL-url = case(len(cs_uri_query)>0 AND len(cs_uri_path)>0,cs_uri_scheme + "://" + cs_host + cs_uri_path + "?" + cs_uri_query, len(cs_uri_path)>0,cs_uri_scheme + "://" + cs_host + cs_uri_path, 1==1,cs_uri_scheme + "://" + cs_host) ... View more

Splunk Add-on for CyberArk is missing a space in a REGEX causing events not to be extracted. Please adjust the TA into: [cyberark_epv_cef_cyberark_pta_cef_extract_field_0] REGEX = CEF:\s?(\d+)|((?:\||[^|]))|((?:\||[^|]))|((?:\||[^|]))|((?:\||[^|]))|((?:\||[^|]))|((?:\||[^|]))|[^\s|]+=.* FORMAT = cef_cefVersion::$1 cef_vendor::$2 cef_product::$3 cef_version::$4 cef_signature::$5 cef_name::$6 cef_severity::$7 ... View more

you will need to fill out the form on the Cylance site to get the app--that is where the link directs you: https://info.cylance.com/cylance-splunk-add-on i'm going to close this question, since it's not a technical question. ... View more

please submit a support case to have apps set up for you in Splunk Cloud. this is not something you can do on your own. i'm going to close this and the other nearly identical question you posted. ... View more

please submit a support case to have apps set up for you in Splunk Cloud. this is not something you can do on your own. i'm going to close this and the other nearly identical question you posted. ... View more

it's this: http://www.splunk.com/view/SP-CAAAH9U i think it must have used to be called "what is Splunk" but was changed at some point recently. ... View more