ralf-9000
commented
3 years ago To be more precise: "deleted" = "soft deleted"
Closed ralf-9000 closed 3 years ago
ralf-9000
commented
3 years ago To be more precise: "deleted" = "soft deleted"
Hi all,
and many thanks to this nice interface with all this features, congretulations! But we have one challange: we transfer a huge amount of attributes from MISP to Splunk, that works incremental very well for all new attributes. But what happen is that attributes are deleted some time in MISP even at the time the event is in state published.
We have seen that such a boolean colmn "misp_attribute_deleted" exists, what is really helpful but we have not got it to work, we are expecting to see the deleted attributes in the dataset with the value "true" in that column.
What are we doing wrong, is there a method to switch such thing on?
Thanks in advance for any help,
Ralf