- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Why does every search in the RWI - Executive Dashboard app reference data models?
The Splunkbase page for the RWI app states: "There are no major considerations for installing Remote Work Insights - simply follow your usual Splunk App Deployment procedure."
I find this to be very misleading because if you do not have fully populated data models this app will do literally nothing, even if you point the macros to the correct indexes.
Please be transparent if you want people to install & use your app. Advice is welcomed, perhaps I'm missing a relevant workaround.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I guess it requires no major consideration so long as you are running the common information model add-on which creates the data models.
There may be more pieces to the puzzle but the network_sessions and authentication data model are both created from within the CIM add-on (link below). I believe this is a heavy hitter so if your Splunk instance is already hitting performance limits during peak usage you may wish to have a conversation before loading this add-on.
