Line 1199 within default/savedsearches.conf, which resides within the [SearchHeadLevel - Scheduled Searches That Cannot Run] stanza, is missing a trailing "\" (backslash).
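A check for the defect reported above, as an added example that is not part of the original issue or the project's own code: a `.conf` value continues onto the next line only when the current line ends in a backslash, so the check flags any line inside a stanza that is neither a `key = value` setting nor the continuation of such a line. The sample stanzas, the key pattern and the function name are constructed for illustration.

```python
import re

# Constructed sample, not the project's savedsearches.conf: the second stanza
# drops the trailing backslash after the first line of its search.
SAMPLE = r'''[Example - Good Search]
search = index=_internal sourcetype=scheduler \
| stats count by savedsearch_name \
| where count > 0
cron_schedule = */5 * * * *

[Example - Broken Search]
search = index=_internal sourcetype=scheduler
| stats count by savedsearch_name \
| where count > 0
cron_schedule = 0 * * * *
'''

# Assumed shape of a setting name: letters, digits, '_', '.', '-' followed by '='.
KEY_RE = re.compile(r'^[A-Za-z_][\w.\-]*\s*=')

def find_broken_continuations(text):
    """Return (stanza, previous_line_no, orphan_line_no) for each orphaned line."""
    findings = []
    stanza = None
    continuing = False   # True while the previous line ended with a backslash
    prev_no = None       # last line that belonged to a setting
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.rstrip()
        if continuing:
            # Legitimate continuation line; it may itself continue further.
            continuing = line.endswith('\\')
            prev_no = no
            continue
        stripped = line.strip()
        if not stripped or stripped.startswith('#'):
            continue
        if stripped.startswith('[') and stripped.endswith(']'):
            stanza = stripped[1:-1]
        elif KEY_RE.match(stripped):
            continuing = line.endswith('\\')
            prev_no = no
        else:
            # Not a setting and not continued: the line before it most likely
            # lost its trailing backslash.
            findings.append((stanza, prev_no, no))
            continuing = line.endswith('\\')
            prev_no = no
    return findings
```

The heuristic misses an orphaned line that happens to look like a setting itself (for example one starting with `index=main`), so a clean result does not prove every continuation is intact.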
…csv` was updated based on [gettingsmarter (github repo)](https://github.com/redvelociraptor/gettingsmarter/), the updated lookup was created by @jgedeon and additionally includes some health endpoint return codes (as well as those returned by the standard HEC endpoint)
Updated alerts:
- `SplunkEnterpriseLevel - Splunkd Log Messages Admins Only` - more criteria
- `SearchHeadLevel - Scheduled Searches That Cannot Run` - correcting issue #20 (thanks @barrettnet)
Updated reports:
- `SearchHeadLevel - Search Queries summary exact match` - added provenance
- `SearchHeadLevel - Search Queries summary non-exact match` - added provenance
- `SearchHeadLevel - audit.log - lookup usage` - updated to handle mlspl files as well (apply command)
- `SearchHeadLevel - Lookup file owners` - now includes an additional join that can be used if TA-webtools is installed (to improve accuracy/exclude default lookup definitions/files)
New reports:
- `SearchHeadLevel - Detect lookups that have not being accessed for a period of time`
- `SearchHeadLevel - Lookup Editor lookup updates`
- `SearchHeadLevel - Lookups within dashboards`
- `SearchHeadLevel - Lookups within savedsearches`
- `SearchHeadLevel - REST API usage via audit.log`