2 of 2 people found this helpful
I think because these are not indexed fields.
What are you trying to accomplish with the "Referer".
Are you tying to see if somebody web scrapped your website and now is using it to Phish credentials and when they use it on there maliuos site it sends a Referer to your web login page? Possible Action could be to tail the log file the Referer is in and then create a log parser to pull data out and alert on it.
You are correct. I've tried adding a new Custom Type and inside the description it's stated that "Non-indexed string types will be filterable by regular expression only.".
A quick validation on this can be done by creating a new custom type with Indexing enabled and another with indexing disabled. The one with Indexing enabled will be usable in drill-downs as for the disabled one it will not appear.
Valid for custom aggregation fields as well - if it's indexed you can aggregate data based on it.
How can i index this two custom files? Destination_Filename, Access_Privileges
I Can't edit.
I try export, change and import but i was ignored by siem lol
The only option you have is to add a new custom type like destination_filename2