IBM QRadar SOAR

  • 1.  Question about field size limits

    Posted Tue May 28, 2019 02:59 PM
    Hello,

    Is there any size limit for a "text area" field? What will happen if it is reached?

    Thanks in advance for your help.

    Best regards,

    ------------------------------
    Carlos Ortigoza
    ------------------------------


  • 2.  RE: Question about field size limits

    Posted Wed May 29, 2019 08:51 AM
    Hi Carlos,
    Thank you for contacting the community forum.

    I have asked around on this and there appears to be no absolute limit placed on Text Area fields. That being said, could you give us an example of your use case so we can better determine if it will work?

    ------------------------------
    Ryan Gordon
    Security Software Engineer
    IBM
    ------------------------------



  • 3.  RE: Question about field size limits

    Posted Wed May 29, 2019 09:59 AM
    Hello Ryan,

    It's a workaround we are trying to apply. We are using your Splunk App for Resilient to create incidents once an alert is triggered. These alerts contain a set of IP addresses and user accounts which we want to create as artifacts.

    However, due to limitations in the app, you cannot iterate through them and create an artifact for each one, but instead you can join the array that Splunk outputs using a separator like a comma and put it as the artifact value. This works for artifacts that allow multiple values, but for the others you simply will get a really long and meaningless string (in our case, a lot of emails separated by commas). Actually, this itself is a workaround, as what we want is to dump these values into a data table.

    Then as a workaround to the workaround, we were thinking about putting this long string in an "invisible" field, which then will be parsed by a script on Resilient and add rows to the data table.

    In addition to any help or comments you could provide about what I have just described, could you please let us know if anyone else has dealt with a similar requirement before?

    Best regards,

    ------------------------------
    Carlos Ortigoza
    ------------------------------
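
The parsing step described in the last post, sketched as an added example that is not part of the original thread and is not IBM or Splunk code: stand-alone Python that splits the joined string into unique, typed rows and caps how many are produced. The function names, the `max_rows` cap and the sample string are assumptions; writing each returned row into the data table is left to the platform script.

```python
import ipaddress
import re

# Loose shape check for e-mail addresses; not full RFC 5322 validation.
EMAIL_RE = re.compile(r"^[^@\s,]+@[^@\s,]+\.[^@\s,]+$")

def classify(value):
    """Return 'ip', 'email' or 'account' for one already-trimmed value."""
    try:
        ipaddress.ip_address(value)
        return "ip"
    except ValueError:
        pass
    if EMAIL_RE.match(value):
        return "email"
    return "account"

def rows_from_joined_field(joined, separator=",", max_rows=500):
    """Split the joined string into unique, typed rows for a data table.

    Returns (rows, dropped): rows is a list of {"type", "value"} dicts in
    first-seen order; dropped counts values left out by the max_rows cap.
    """
    rows, seen, dropped = [], set(), 0
    for raw in (joined or "").split(separator):
        value = raw.strip().strip('"')
        if not value:
            continue  # empty slot, e.g. a trailing or doubled separator
        key = value.lower()
        if key in seen:
            continue  # same value repeated across alert results
        seen.add(key)
        if len(rows) >= max_rows:
            dropped += 1  # counted so the caller can note the truncation
            continue
        rows.append({"type": classify(value), "value": value})
    return rows, dropped

# Constructed sample of what the hidden field might hold (hypothetical values).
SAMPLE = "10.0.0.5, alice@example.com,,ALICE@example.com, svc_backup,2001:db8::1 ,10.0.0.5,"

if __name__ == "__main__":
    rows, dropped = rows_from_joined_field(SAMPLE)
    for row in rows:
        print(row["type"], row["value"])
    print("dropped:", dropped)
```

Recording the `dropped` count on the incident keeps a capped import from passing silently as a complete one.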