remg427 / misp42splunk

A Splunk app to use MISP in background
GNU Lesser General Public License v3.0

Mispgetioc - missing object attribute fields in the results #209

Closed ykorkmaz closed 2 years ago

ykorkmaz commented 2 years ago

Hi,

I realized that not all fields which are part of an object attribute are displayed in the result set in Splunk. I am especially looking for the "object_relation" field, which is part of the JSON object returned but missing in the results shown in Splunk.

Is there a way to include all fields of an attribute object in the results?

Best regards, ya.ko

remg427 commented 2 years ago

Hi,

Thank you for using misp42.

Indeed, mispgetioc or mispgetevent return in tabular format a subset of commonly used attribute properties.

If you prefer to get all fields, simply use parameter output=raw and you will get the full JSON to parse with spath.

Hope it answers your question.

-- Sent with K-9 Mail.