From b2253747dbc41034e512084c6d4947d60823fdb3 Mon Sep 17 00:00:00 2001 From: Mark Bonsack Date: Thu, 20 Feb 2020 17:21:14 -0800 Subject: [PATCH] Minor fixup to Cisco ACS single message search * Remove "| head 11" from ACS single message search --- tests/test_cisco_acs.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/test_cisco_acs.py b/tests/test_cisco_acs.py index f83e4ea..19cf8b9 100644 --- a/tests/test_cisco_acs.py +++ b/tests/test_cisco_acs.py @@ -60,7 +60,7 @@ def test_cisco_acs_single(record_property, setup_wordlist, setup_splunk, setup_s sendsingle(message, setup_sc4s[0], setup_sc4s[1][514]) - st = env.from_string("search _time={{ epoch }} index=netauth host=\"{{ host }}\" sourcetype=\"cisco:acs\" | head 11") + st = env.from_string("search _time={{ epoch }} index=netauth host=\"{{ host }}\" sourcetype=\"cisco:acs\"") search = st.render(host=host, epoch=epoch) resultCount, eventCount = splunk_single(setup_splunk, search)