Mispgetioc - missing object attribute fields in the results

Question

Mispgetioc - missing object attribute fields in the results

ykorkmaz opened this issue 3 years ago · comments

Hi,

I realized that not all fields which are part of an object attribute are displayed in result set in Splunk. I am especially looking for "object_relation" field which is part of the json object returned but missing in the results shown in Splunk.

Is there a way to include all fields of an attribute object in the results?

Best regards,
ya.ko

Remi · Answer 1 · Wed Jan 19 2022 15:21:22 GMT+0800 (China Standard Time)

Hi, Thank you for using misp42 Indeed mispgetioc or mispgetevent return in tabular format a subset of commonly used attribute properties If you prefer to get all fields simply use parameter output=raw and you will get the full JSON to parse with spath Hope it answers your question -- Sent with K-9 Mail.