Reporting
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Why isn't my datamodel doesnt returning any data?

graju89
Path Finder
‎10-31-2018 01:03 PM

Hi all,

I have upgraded my Splunk from 6.6.6 to 7.1.1 and installed a new Splunk CIM version(4.12). I accelerated a few data models like malware, network traffic and change analysis. Malware data model is 100% completed. When I try with the search query | tstats count from datamodel=Malware | sort -count, it returns 28. So i assume the data model has some data. But it is not showing any data from it.

Note: other data models are in the process of building. My search peers are running 6.6.6(I dont think it matters)

Any idea why it is not showing any data?

0 Karma
Reply

graju89
Path Finder
‎11-01-2018 08:36 AM

Just an update for the above post. setting summariesonly=f returns data. Also, the statistics of accelerated data is:
Status 100.00% Completed
Access Count 950. Last Access: 11/1/18 11:23:04.000 AM
Size on Disk 167.26 GB
Summary Range 7948800 second(s)
Buckets 1787
Updated 11/1/18 10:54:35.000 AM

Everything looks good. Dont know why summariesonly=true doesnt return anything

0 Karma
Reply
Get Updates on the Splunk Community!

Dashboards: Hiding charts while search is being executed and other uses for tokens

There are a couple of features of SimpleXML / Classic dashboards that can be used to enhance the user ...

Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...

This is the fourth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how ...

Brains, Bytes, and Boston: Learn from the Best at .conf25

When you think of Boston, you might picture colonial charm, world-class universities, or even the crack of a ...