topic Re: Auditing Datamodels in Splunk Enterprise Security https://community.splunk.com/t5/Splunk-Enterprise-Security/Auditing-Datamodels/m-p/389299#M4167 <P>There is also the function <A href="https://docs.splunk.com/Documentation/Splunk/7.2.4/SearchReference/Fieldsummary">fieldsummary</A>.</P> Tue, 19 Feb 2019 08:45:41 GMT skalliger 2019-02-19T08:45:41Z Auditing Datamodels https://community.splunk.com/t5/Splunk-Enterprise-Security/Auditing-Datamodels/m-p/389296#M4164 <P>Hello,</P> <P>Is there a way to validate the fields used in the datamodel by how compliant they are with the current setup?<BR /> I am trying to validate and fix data models to receive optimum results in the Splunk ES.</P> <P>Any tips regarding the issue will be appreciated,<BR /> Thanks</P> Fri, 15 Feb 2019 09:57:45 GMT https://community.splunk.com/t5/Splunk-Enterprise-Security/Auditing-Datamodels/m-p/389296#M4164 zekiramhi 2019-02-15T09:57:45Z Re: Auditing Datamodels https://community.splunk.com/t5/Splunk-Enterprise-Security/Auditing-Datamodels/m-p/389297#M4165 <P>Would this help? <A href="https://docs.splunk.com/Documentation/ES/5.2.2/Admin/Dashboardrequirements">https://docs.splunk.com/Documentation/ES/5.2.2/Admin/Dashboardrequirements</A> </P> <P>Also, for e.g. You can use | from datamodel "Authentication.Authentication" | fieldsummary for Authentication datamodel to check if all the datamodel fields are mapped and check the valued to see if they are related to your datasource.</P> Fri, 15 Feb 2019 17:41:42 GMT https://community.splunk.com/t5/Splunk-Enterprise-Security/Auditing-Datamodels/m-p/389297#M4165 lakshman239 2019-02-15T17:41:42Z Re: Auditing Datamodels https://community.splunk.com/t5/Splunk-Enterprise-Security/Auditing-Datamodels/m-p/389298#M4166 <P>try this app<BR /> <A href="https://splunkbase.splunk.com/app/2968/">https://splunkbase.splunk.com/app/2968/</A></P> Fri, 15 Feb 2019 21:37:28 GMT https://community.splunk.com/t5/Splunk-Enterprise-Security/Auditing-Datamodels/m-p/389298#M4166 adonio 2019-02-15T21:37:28Z Re: Auditing Datamodels https://community.splunk.com/t5/Splunk-Enterprise-Security/Auditing-Datamodels/m-p/389299#M4167 <P>There is also the function <A href="https://docs.splunk.com/Documentation/Splunk/7.2.4/SearchReference/Fieldsummary">fieldsummary</A>.</P> Tue, 19 Feb 2019 08:45:41 GMT https://community.splunk.com/t5/Splunk-Enterprise-Security/Auditing-Datamodels/m-p/389299#M4167 skalliger 2019-02-19T08:45:41Z Re: Auditing Datamodels https://community.splunk.com/t5/Splunk-Enterprise-Security/Auditing-Datamodels/m-p/389300#M4168 <P>if you are happy with the answers provided and/or your issue resolved, can you pls accept the response to close tracking on this?</P> Mon, 25 Feb 2019 12:59:07 GMT https://community.splunk.com/t5/Splunk-Enterprise-Security/Auditing-Datamodels/m-p/389300#M4168 lakshman239 2019-02-25T12:59:07Z Re: Auditing Datamodels https://community.splunk.com/t5/Splunk-Enterprise-Security/Auditing-Datamodels/m-p/389301#M4169 <P>Sure, Sorry im new to Splunk Answers.</P> Wed, 27 Feb 2019 07:56:29 GMT https://community.splunk.com/t5/Splunk-Enterprise-Security/Auditing-Datamodels/m-p/389301#M4169 zekiramhi 2019-02-27T07:56:29Z Re: Auditing Datamodels https://community.splunk.com/t5/Splunk-Enterprise-Security/Auditing-Datamodels/m-p/389302#M4170 <P>Fantastic, Exactly what I needed. Thanks!</P> Wed, 27 Feb 2019 12:31:37 GMT https://community.splunk.com/t5/Splunk-Enterprise-Security/Auditing-Datamodels/m-p/389302#M4170 zekiramhi 2019-02-27T12:31:37Z