Nicolas-Pellletier
commented
1 year ago Well i saw nothing because the earliest event date back from 3 month ago (see on the 1st picture), and the search query (see on the 2nd picture) show all events in the last 30 days...
But i was a bit surprise to get only event that date back to 3 month ago while i put last: 30d or less in the search query.
But this is because last is linked to publish_timestamp not date which is the time the event occur.
Hello,
Firstly thanks a lot for this tool, it seems really great.
Unfortunately I can't see any events in the search query where i put
index="misp". Though it seems to be there and populated with MISP events (URL: http://localhost:9000/en-US/manager/misp42splunk/data/indexes#):I've populated the index with MISP info using this command:
| mispgetioc misp_instance=MISP_test last=10d | collect index=mispI'm not sure if it's the regular way to do it, i've never used splunk application before...In the search view with the
index="misp"i got nothing (URL: http://localhost:9000/en-US/app/search/search):