Datamodel Search is empty

b_chris21 · ‎02-17-2021

Hello,

I have an issue with Endpoint Datamodel while using Enterprise Security.

Specifically I am running:

|rest splunk_server=local /services/datamodel/acceleration |fields title search

Every datamodel has a search string populated except Endpoint.

Is there an explanation for that?

Thank you in advance.

Regards,

Chris

lkutch_splunk · ‎02-17-2021

I don't know the answer for sure, but do you need to include the data set? For example: Endpoint.Ports, Endpoint.Processes, Endpoint.Services, or Endpoint.Filesystem?

https://docs.splunk.com/Documentation/CIM/4.18.0/User/Endpoint#Search_Example

Datamodel Search is empty

configuration

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!