Suirand1
@sebastiendamaye your patch does not work for me. Adding `| eval input_host_fqdn = COALESCE(if(trim("$host_fqdn$")="", "*", trim("$host_fqdn$")), "*")` did not fix the issue for the newest version of the threathunting app. Pressing submit button...
@tbalz2319 you can exclude these by creating a new .xml file in the 11_file_create folder and running the merge script. The content of the file can be something like this ``` C:\Program...
> Thank you, I will try this out. What exact merge command shall I use? I see a few different options $> cd sysmon modular $> . .\Merge-SysmonXml.ps1 $> Merge-AllSysmonXml...
I will post my modified script which works for me. Hope it will be of help to somebody. ``` ECHO OFF FOR /F "delims=" %%i IN ('wmic service SplunkForwarder get Pathname...