Closed ykorkmaz closed 2 years ago
Hi, Thank you for using misp42 Indeed mispgetioc or mispgetevent return in tabular format a subset of commonly used attribute properties If you prefer to get all fields simply use parameter output=raw and you will get the full JSON to parse with spath Hope it answers your question -- Sent with K-9 Mail.
Hi,
I realized that not all fields which are part of an object attribute are displayed in result set in Splunk. I am especially looking for "object_relation" field which is part of the json object returned but missing in the results shown in Splunk.
Is there a way to include all fields of an attribute object in the results?
Best regards, ya.ko