From f523d29a16ddf81444ab56648a2499a7a5b2115b Mon Sep 17 00:00:00 2001
From: Hardik Dholariya
Date: Tue, 22 Aug 2023 16:28:55 +0530
Subject: [PATCH] Updated the lansweeper search
---
 cyences_app_for_splunk/default/savedsearches.conf | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/cyences_app_for_splunk/default/savedsearches.conf b/cyences_app_for_splunk/default/savedsearches.conf
index cc277100..b35bfd3f 100644
--- a/cyences_app_for_splunk/default/savedsearches.conf
+++ b/cyences_app_for_splunk/default/savedsearches.conf
@@ -3524,9 +3524,8 @@ display.page.search.mode = fast
 request.ui_dispatch_app = cyences_app_for_splunk
 request.ui_dispatch_view = search
 search = `cs_lansweeper` `cs_lansweeper_timerange` \
-| dedup id \
-| eval product_name="Lansweeper", product_uuid=id, hostname=mvdedup(mvappend(AssetName, FQDN)), ip=lower(IPAddress), mac_address=lower(Mac), antivirus=mvzip(antivirus_name, antivirus_enabled, "#") \
-| rename _time as time, id as lansweeper_id, host as lansweeper_collected_by, site_name as Site, AssetTypename as AssetType, Statename as lansweeper_state, Userdomain as Domain, AssetGroup as GroupName, OScode as OSVersion, Username as lansweeper_user, version as AssetVersion, OS as lansweeper_os, FQDN as lansweeper_fqdn, Firstseen as FirstSeen, Lastseen as LastSeen \
+| eval product_name="Lansweeper", product_uuid=AssetID, hostname=lower(mvdedup(mvappend(AssetName, FQDN))), ip=lower(IPAddress), mac_address=lower(Mac), antivirus=mvzip(antivirus_name, antivirus_enabled, "#") \
+| rename _time as time, AssetID as lansweeper_id, host as lansweeper_collected_by, site_name as Site, AssetTypename as AssetType, Statename as lansweeper_state, Userdomain as Domain, AssetGroup as GroupName, OScode as OSVersion, Username as lansweeper_user, version as AssetVersion, OS as lansweeper_os, FQDN as lansweeper_fqdn, Firstseen as FirstSeen, Lastseen as LastSeen \
 | table time, product_name, product_uuid, ip, mac_address, lansweeper_id, hostname, lansweeper_collected_by, Site, AssetType, lansweeper_state, Domain, GroupName, OSVersion, BuildNumber, AssetVersion, lansweeper_user, lansweeper_os, Description, IPLocation, lansweeper_fqdn, antivirus, AssetDomain, FirstSeen, LastSeen, AssetName, Serialnumber, Processor, Model, Manufacturer, OSRelease, OSname, SystemVersion, Memory, LsAgentVersion, LastLsAgent, LastChanged, DNSName \
 | cyencesdevicemanager operation="addentries" \
 | stats values(GroupName) as GroupName, values(antivirus) as antivirus, values(Processor) as Processor, first(*) as * by lansweeper_id \
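Review bot: In the added `eval`, `lower(mvdedup(mvappend(AssetName, FQDN)))` deduplicates before it lowercases, so an AssetName and FQDN that differ only in case survive `mvdedup` and end up as two identical `hostname` values; `hostname=mvdedup(lower(mvappend(AssetName, FQDN)))` avoids that. Separately, with `| dedup id` removed and the key switched to `AssetID`, any event inside `cs_lansweeper_timerange` that lacks `AssetID` (possibly data indexed before the field change) gets a null `lansweeper_id`. Such events still appear to reach `cyencesdevicemanager` and are then dropped silently by `stats ... by lansweeper_id`, which would leave a gap in the device inventory. An explicit `| where isnotnull(AssetID)` ahead of the `eval` would make that case visible and intentional. The stanza begins before this hunk and the search continues past its last line.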