olafhartong
commented
4 years ago I do not see an error in the screenshot, all queries are still running there, hence the blue bars. Did you get it to work by now?
Closed ssupernova closed 3 years ago
olafhartong
commented
4 years ago I do not see an error in the screenshot, all queries are still running there, hence the blue bars. Did you get it to work by now?
tongsens
commented
3 years ago I get the same error, ($exclude_technique$) AND ($exclude_host_fqdn$) don't work, what is it means?
kucster
commented
3 years ago I'm having the same issue. But I noticed Activity by time per day was populating. When I looked at the queries I noticed the "Activity by time per day" was missing $exclude_technique$) AND ($exclude_host_fqdn$). When I edited the other queries on the page to exclude this they also start populating, but the drill down is not working as it seems like these have a purpose. I searched the code to try and find there purpose but I can't seem to find it. I will admit I'm new to Splunk and I'm sure I'm just missing something but my ThreatHunting app about is all green. Thank you for your awesome app
Hi, I'm getting this error.
I suspect its because I have not defined mitre_category properly because when I search index=threathunting I am getting result. Here is a sample query that is not loading.
index=threathunting mitre_category="Initial_Access" ($exclude_technique$) AND ($exclude_host_fqdn$) | timechart span=24h count(mitre_category) | appendpipe [stats count | where count=0]