Solved: Splunk Add-on for Cisco Identity Services: How to ...

stboch · ‎09-09-2016

There are several overlapping field aliases causing inconsistent issues.

I recommend the following changes.

Before:

FIELDALIAS-cisco-ise-user_name-as-UserName = User_Name AS UserName

After:

FIELDALIAS-cisco-ise-user_name-as-UserName = User_Name AS user

The UserName field is used in part of the ISE log services, and is being overwritten inconsistently with blank data.

stboch · ‎09-09-2016

I recommend the following changes.

Before:

FIELDALIAS-cisco-ise-user_name-as-UserName = User_Name AS UserName

After:

FIELDALIAS-cisco-ise-user_name-as-UserName = User_Name AS user

View solution in original post

stboch · ‎09-09-2016

I recommend the following changes.

Before:

FIELDALIAS-cisco-ise-user_name-as-UserName = User_Name AS UserName

After:

FIELDALIAS-cisco-ise-user_name-as-UserName = User_Name AS user

ppablo · ‎09-09-2016

Hi @stboch

Thanks for sharing this tip on Splunk Answers for the rest of the community. Could you actually post the solution below in the "Enter your answer here..." box? We can then accept the answer to resolve the post so this question displays as having a working solution.

stboch · ‎09-09-2016

I copied the information into an answer

Splunk Add-on for Cisco Identity Services: How to prevent the UserName field from being overwritten by overlapping field aliases?

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life