Hi,
I didn't see any fields from the DLP data model apart from one event. What do we fix to get all the fields and events?
@AL3Z - I can see you are searching for the last 30 minutes only. Try increasing the time range to see if you have more details.
I hope this helps!!!
Hi Vatsal,
Even if we search for 24 hours or 7 days, it shows the same output.
@AL3Z - You need to check the event field extractions for the data-model mapping.
You can use this for learning - https://www.youtube.com/watch?v=cJw3IAgbBV0
I hope this helps!!!
Hi,
If I use the | datamodel DLP DLP_Incidents search search, it populates all the fields; without search at the end it is not giving all the fields. Why?
That's how the datamodel command should work. Read more here - https://docs.splunk.com/Documentation/Splunk/9.0.4/SearchReference/Datamodel#.26lt.3Bdata_model_sear...
I hope this helps!!!
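As an added example (not from this thread), here are two SPL searches that show where a data-model field gap comes from: the first asks the DLP data model itself which CIM fields it returns per sourcetype, the second asks the raw events the same question. They assume the CIM DLP data model with its DLP_Incidents dataset, whose fields come back from the datamodel command prefixed with the dataset name, the standard CIM DLP field names, and a root constraint of tag=dlp tag=incident as shipped in the CIM add-on; the index and sourcetype values are placeholders.

```spl
| datamodel DLP DLP_Incidents search
| rename DLP_Incidents.* AS *
| fields sourcetype action dlp_type object severity signature src dest user vendor_product
| fillnull value="MISSING" action dlp_type object severity signature src dest user vendor_product
| stats count BY sourcetype action dlp_type severity vendor_product

index=<your_dlp_index> sourcetype=<your_dlp_sourcetype>
| fillnull value="MISSING" action dlp_type object severity signature src dest user vendor_product
| eval tagged=if(match(tag, "dlp") AND match(tag, "incident"), "yes", "no")
| stats count BY sourcetype tagged action dlp_type severity vendor_product
```

Run both over the same time range. If the second search shows the CIM fields populated and tagged=yes but the first search shows only MISSING values or a single event, the problem is between the events and the dataset (the eventtype or tag constraint is not matching). If the second search already shows MISSING for most fields, the add-on's field extractions or field aliases are not producing the CIM names, which is what the reply above about field extraction points at. Either way, fix the extraction or tagging in the add-on rather than adding a trailing search to the datamodel command, since that only filters what the dataset already returns.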