Seeing sourcetypes in Endpoint data model

cswansonvt
New Member

When searching to see which sourcetypes are in the Endpoint data model, I am getting different results if I search:

| tstats `summariesonly` c as count from datamodel="Endpoint" by index, sourcetype

than when I search:

| tstats `summariesonly` c as count from datamodel="Endpoint.Processes" by index, sourcetype

Why wouldn't the sourcetypes under the Processes data set be included in the first search for sourcetypes in the Endpoint data model?

Thanks.
