App is not parsing the URI to create interesting fields

[jchubbar]

Describe the bug

In our environment where we have the Splunk Addon 6.6, we can use q=* OR pq=* to parse URIs to gather search terms in search engines. But we upgraded to 8.2 and no longer have that functionality.

Expected behavior

In 6.6 , if I add (pq=* OR query=* OR p=* OR q=*) as a part of the search terms, I see interesting fields that contain what the user searched for.

Current behavior

In 8.2, with the same query, no results are returned.

Possible solution

None

Steps to reproduce

Run a Splunk query like:
(index=corp_palo_alto sourcetype=pan:threat log_subtype=url) (pq=* OR query=* OR p=* OR q=*) categories IN (search-engines, streaming-media)

See the results and Interesting Fields populate in our Splunk environment that has the TA app 6.6.

Context

Need to move all functionality to SplunkCloud and the 6.6 version of the Palo Alto app is not supported.

Your Environment

On-prem Splunk that has the Palo Alto Networks Addon 6.6.0 installed
SplunkCloud that has the Palo Alto Networks Addon 8.2.0 installed

[welcome-to-palo-alto-networks]

🎉 Thanks for opening your first issue here! Welcome to the community!