Why are the "status_code" and "rep" fields necessa...

dluiz · ‎01-21-2015

Can someone explain why the "status_code" and "rep" fields below are necessary to identify uncategorized URLs in the App for McAfee Web Gateway?

index=mwg sourcetype=MWGaccess3 status_code!=407 status_code="5*" urlc="-" rep!="-"

PavelP · ‎05-03-2016

Hello dluiz,

by excluding 5xx status codes you filter out various connectoins problems (like inability to resolve the destination host).
'rep!="-"' means include results where the Trusted Source Database was queried. In other case the results will include hosts from the white list.

best regards
Pavel

ppablo · ‎01-21-2015

Hi @dluiz

In case you don't get an answer here, you can always contact the developer of the app directly. The contact information for the developer of an app is found on the bottom right panel of the app's page:
https://apps.splunk.com/app/1654/

For the this particular app, they also put their contact information at the bottom of the Overview tab which is splunk@compek.net

dluiz · ‎01-21-2015

Thanks for the suggestions ppablo!

ppablo · ‎01-21-2015

No problem, hope ya find an answer soon 🙂

Why are the "status_code" and "rep" fields necessary to identify uncategorized URLs in the App for McAfee Web Gateway?

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life