Solved: Re: Qualys App for Splunk Enterprise: How to get r...

muralianup · ‎01-04-2016

I am using the Qualys App for Splunk Enterprise and there's a lot of HTML tags in the Solution field.

Eg:
<P> , <A Href, <PRE>..etc.

Is there any way to get rid of these?

jkat54 · ‎01-04-2016

You can use sedcmd in props.conf or rex in search.

sedcmd-htmlaaa = "s/\<P\>//g"   #removes <P>
sedcmd-htmlaab = "s/\<\/P\>//g" #removes</P>

etc.

View solution in original post

jkat54 · ‎01-04-2016

You can use sedcmd in props.conf or rex in search.

sedcmd-htmlaaa = "s/\<P\>//g"   #removes <P>
sedcmd-htmlaab = "s/\<\/P\>//g" #removes</P>

etc.

muralianup · ‎01-04-2016

If its only

&

, its fine. But there're lots of other HTML tags in the field. Are you telling me I may need to add separate SED for each & every HTML tags ?

jkat54 · ‎01-06-2016

yes, welcome to data science... you would need a separate sedcmd for each html tag in my opinion.

But perhaps you can use a single regex to remove all markup...

http://lmgtfy.com/?q=regex+to+remove+all+html

The problem with a single sedcmd to remove all is that this:

 <h1>header</h1><div><font="red">body</font></div>

... will become this:

 headerbody

... or perhaps this if you're really good with regex you'll get smart and add special word/character or spaces: (underscores followed by space instead of original tags for example)

_ header_ _ _ body_ _

muralianup · ‎01-06-2016

Got it working. Used this SED in the search:

rex field=SOLUTION mode=sed "s/<[^>]*>//g"

Qualys App for Splunk Enterprise: How to get rid of HTML tags in Qualys "Solution" field?

Database Performance Sidebar Panel Now on APM Database Query Performance & Service ...

IM Landing Page Filter - Now Available

Dynamic Links from Alerts to IM Navigators - New in Observability Cloud