Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Mikael
Collaborator
Collaborator

Custom IOC feed report

Hi all,

I'm trying to create a report in R81 for an environment with multiple external IOC feeds.

In the report I'd like a table that shows the number of logs peer feed.

As far as I can tell the information I need is stored in the "Indicator Name"-field (see screenshot) and this field isn't indexed.

2021-06-17_22-27-01.jpg

There's similar information in the "Protection Name"-field but that also contains the observXXXX-information which isn't what I want.

Does anyone know If there is a way to create a report for a field that isn't indexed, or if I can add fields to the index?

Another option would be if I can filter the data from the indexed field "Protection Name" to build the chart based only on the first X characters.

Any ideas?

Cheers

 

0 Kudos
3 Replies
PhoneBoy
Admin
Admin

That which is not indexed can’t have reports run against it.
It would require an RFE.

That said, R81.10 is just around the corner and won’t be using Solr any longer.
It'll be interesting to see if that also means more fields will be indexed/available for reports.

0 Kudos
Mikael
Collaborator
Collaborator

Doesn't look promising based on the current R81.10 EA-client and the demo-environment...

Let's hope there are things to be done on the backend once it's released...

0 Kudos
PhoneBoy
Admin
Admin

It appears I kind of got this wrong.
Solr is being removed, but only for certain management-related functions unrelated to logging.
Logging will still use Solr, with R81 seeing a huge improvement due to an upgraded version.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events