Merge pull request #622 from CrossRealms/fields-with-dot-is-not-displ…

…aying-properly fixed the display issue for the fields having dot in it
CrossRealms · Sep 3, 2024 · 349e9fa · 349e9fa
2 parents 829eda0 + 6505188
commit 349e9fa
Show file tree

Hide file tree

Showing 3 changed files with 3 additions and 3 deletions.
diff --git a/cyences_app_for_splunk/appserver/static/notable_event_editor.js b/cyences_app_for_splunk/appserver/static/notable_event_editor.js
@@ -499,7 +499,7 @@ require([
 
             this._searchManagerNotableEventResult.executeReusableSearch(`\`cs_cyences_index\` notable_event_id="${notable_event_id}" | fields - _raw, notable_event_id, search_name, alert_name, category, info_min_time, info_max_time, info_search_time, search_now, timestartpos, timeendpos, eventtype, linecount, splunk_server, splunk_server_group, tag, "tag::*", date_*, host, index, source, sourcetype, avoid_es_fields
             | rename * AS X_*_NEW
-            | foreach * [ eval newFieldName=replace("<<FIELD>>", "\\s+", "_"), {newFieldName}='<<FIELD>>' ] | fields - "* *", newFieldName
+            | foreach * [ eval newFieldName=replace("<<FIELD>>", "\\s+|\\.+", "_"), {newFieldName}='<<FIELD>>' ] | fields - "* *", newFieldName
             | foreach X_*_NEW [ eval <<MATCHSTR>>=<<FIELD>> ]
             | fields - X_*_NEW 
             | rename orig_* as * 

diff --git a/cyences_app_for_splunk/default/data/ui/views/cs_forensics.xml b/cyences_app_for_splunk/default/data/ui/views/cs_forensics.xml
@@ -8,7 +8,7 @@
 | search cyences_severity IN $tkn_severity$
 | fields - _raw, search_name, alert_name, category, info_min_time, info_max_time, info_search_time, search_now, timestartpos, timeendpos, eventtype, linecount, splunk_server, splunk_server_group, tag, "tag::*", date_*, host, index, source, sourcetype, avoid_es_fields
 | rename * AS X_*_NEW 
-| foreach * [ eval newFieldName=replace("&lt;&lt;FIELD&gt;&gt;", "\s+", "_"), {newFieldName}='&lt;&lt;FIELD&gt;&gt;' ] | fields - "* *", newFieldName 
+| foreach * [ eval newFieldName=replace("&lt;&lt;FIELD&gt;&gt;", "\s+|\.+", "_"), {newFieldName}='&lt;&lt;FIELD&gt;&gt;' ] | fields - "* *", newFieldName 
 | foreach X_*_NEW [ eval &lt;&lt;MATCHSTR&gt;&gt;=&lt;&lt;FIELD&gt;&gt; ]
 | fields - X_*_NEW 
 | rename orig_* as * 

diff --git a/cyences_app_for_splunk/default/data/ui/views/cs_soc.xml b/cyences_app_for_splunk/default/data/ui/views/cs_soc.xml
@@ -8,7 +8,7 @@
 | search cyences_severity IN $tkn_severity$
 | fields - _raw, search_name, category, info_min_time, info_max_time, info_search_time, search_now, timestartpos, timeendpos, eventtype, linecount, splunk_server, splunk_server_group, tag, "tag::*", date_*, host, index, source, sourcetype, avoid_es_fields
 | rename * AS X_*_NEW 
-| foreach * [ eval newFieldName=replace("&lt;&lt;FIELD&gt;&gt;", "\s+", "_"), {newFieldName}='&lt;&lt;FIELD&gt;&gt;' ] | fields - "* *", newFieldName 
+| foreach * [ eval newFieldName=replace("&lt;&lt;FIELD&gt;&gt;", "\s+|\.+", "_"), {newFieldName}='&lt;&lt;FIELD&gt;&gt;' ] | fields - "* *", newFieldName 
 | foreach X_*_NEW [ eval &lt;&lt;MATCHSTR&gt;&gt;=&lt;&lt;FIELD&gt;&gt; ]
 | fields - X_*_NEW 
 | rename orig_* as *