Good morning.
I am using the "Splunk Security Essentials" add-on and when executing a search, I get an error in the macro ut_parse_extended(url, list). I ran the search:
"index=* sourcetype=pan:threat OR (tag=web tag=proxy) earliest=-20m@m earliest=-5m@m | eval list="mozilla" | `ut_parse_extended(url,list)` | lookup dynamic_dns_lookup domain as ut_domain OUTPUT inlist | search inlist=true | table _time ut_domain inlist bytes* uri"
And the error:
"Error in 'SearchParser': The search specifies a macro 'ut_parse_extended' that cannot be found. Reasons include: the macro name is misspelled, you do not have "read" permission for the macro, or the macro has not been shared with this application. Click Settings, Advanced search, Search Macros to view macro information."
Could you help me? Thank you.
Regards.