ssupernova closed this issue 3 years ago
I do not see an error in the screenshot; all queries are still running there, hence the blue bars. Did you get it to work by now?
I get the same error: ($exclude_technique$) AND ($exclude_host_fqdn$) don't work. What does it mean?
I'm having the same issue, but I noticed "Activity by time per day" was populating. When I looked at the queries, I noticed that "Activity by time per day" was missing ($exclude_technique$) AND ($exclude_host_fqdn$). When I edited the other queries on the page to exclude this, they also started populating, but the drill-down is not working, as it seems like these have a purpose. I searched the code to try and find their purpose, but I can't seem to find it. I will admit I'm new to Splunk and I'm sure I'm just missing something, but my ThreatHunting app about is all green. Thank you for your awesome app.
Hi, I'm getting this error.

![image](https://user-images.githubusercontent.com/20931741/72523415-c9b81b00-3870-11ea-9e5b-cd17cd3031cf.png)

I suspect it's because I have not defined mitre_category properly, because when I search index=threathunting I am getting results. Here is a sample query that is not loading.
index=threathunting mitre_category="Initial_Access" ($exclude_technique$) AND ($exclude_host_fqdn$) | timechart span=24h count(mitre_category) | appendpipe [stats count | where count=0]