diff --git a/cyences_app_for_splunk/appserver/static/notable_event_editor.js b/cyences_app_for_splunk/appserver/static/notable_event_editor.js
index f1d905b9..94fddba3 100644
--- a/cyences_app_for_splunk/appserver/static/notable_event_editor.js
+++ b/cyences_app_for_splunk/appserver/static/notable_event_editor.js
@@ -499,7 +499,7 @@ require([
 this._searchManagerNotableEventResult.executeReusableSearch(`\`cs_cyences_index\` notable_event_id="${notable_event_id}"
 | fields - _raw, notable_event_id, search_name, alert_name, category, info_min_time, info_max_time, info_search_time, search_now, timestartpos, timeendpos, eventtype, linecount, splunk_server, splunk_server_group, tag, "tag::*", date_*, host, index, source, sourcetype, avoid_es_fields
 | rename * AS X_*_NEW
- | foreach * [ eval newFieldName=replace("<>", "\\s+", "_"), {newFieldName}='<>' ] | fields - "* *", newFieldName
+ | foreach * [ eval newFieldName=replace("<>", "\\s+|\\.+", "_"), {newFieldName}='<>' ] | fields - "* *", newFieldName
 | foreach X_*_NEW [ eval <>=<> ]
 | fields - X_*_NEW
 | rename orig_* as *
diff --git a/cyences_app_for_splunk/default/data/ui/views/cs_forensics.xml b/cyences_app_for_splunk/default/data/ui/views/cs_forensics.xml
index 0a223a71..c35c8a98 100644
--- a/cyences_app_for_splunk/default/data/ui/views/cs_forensics.xml
+++ b/cyences_app_for_splunk/default/data/ui/views/cs_forensics.xml
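Review bot: The widened regex on the `+` line now copies dotted field names to underscore-named fields, but the trailing `| fields - "* *", newFieldName` on that same line still removes only the space-containing originals, so a field such as `X_a.b_NEW` survives alongside its new `X_a_b_NEW` copy and still reaches the later `| foreach X_*_NEW [ eval ... ]` context line, where an unquoted dotted name on the eval right-hand side is likely parsed as a string concatenation (`.` is eval's concatenation operator) rather than a field reference. If the intent is to keep dotted names out of that eval, the removal should cover them as well, e.g. `| fields - "* *", "*.*", newFieldName`, assuming the `fields` wildcard treats the dot literally. The same line is changed in the cs_forensics.xml and cs_soc.xml hunks and would need the same adjustment there. The template literal passed to executeReusableSearch continues past the end of this hunk.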
@@ -8,7 +8,7 @@
 | search cyences_severity IN $tkn_severity$
 | fields - _raw, search_name, alert_name, category, info_min_time, info_max_time, info_search_time, search_now, timestartpos, timeendpos, eventtype, linecount, splunk_server, splunk_server_group, tag, "tag::*", date_*, host, index, source, sourcetype, avoid_es_fields
 | rename * AS X_*_NEW
-| foreach * [ eval newFieldName=replace("<<FIELD>>", "\s+", "_"), {newFieldName}='<<FIELD>>' ] | fields - "* *", newFieldName
+| foreach * [ eval newFieldName=replace("<<FIELD>>", "\s+|\.+", "_"), {newFieldName}='<<FIELD>>' ] | fields - "* *", newFieldName
 | foreach X_*_NEW [ eval <<MATCHSTR>>=<<FIELD>> ]
 | fields - X_*_NEW
 | rename orig_* as *
diff --git a/cyences_app_for_splunk/default/data/ui/views/cs_soc.xml b/cyences_app_for_splunk/default/data/ui/views/cs_soc.xml
index 5fa6b441..adc74246 100644
--- a/cyences_app_for_splunk/default/data/ui/views/cs_soc.xml
+++ b/cyences_app_for_splunk/default/data/ui/views/cs_soc.xml
@@ -8,7 +8,7 @@
 | search cyences_severity IN $tkn_severity$
 | fields - _raw, search_name, category, info_min_time, info_max_time, info_search_time, search_now, timestartpos, timeendpos, eventtype, linecount, splunk_server, splunk_server_group, tag, "tag::*", date_*, host, index, source, sourcetype, avoid_es_fields
 | rename * AS X_*_NEW
-| foreach * [ eval newFieldName=replace("<<FIELD>>", "\s+", "_"), {newFieldName}='<<FIELD>>' ] | fields - "* *", newFieldName
+| foreach * [ eval newFieldName=replace("<<FIELD>>", "\s+|\.+", "_"), {newFieldName}='<<FIELD>>' ] | fields - "* *", newFieldName
 | foreach X_*_NEW [ eval <<MATCHSTR>>=<<FIELD>> ]
 | fields - X_*_NEW
 | rename orig_* as *