dears,
I have installed Splunk Enterprise Security on splunk and I would like to constrain specific data model to specific splunk indexes but I have a lot of data and a lot of indexes how can I map which data model need which sourcetypes/indexes
http://docs.splunk.com/Documentation/ES/4.7.4/Install/Datamodels
Section: Constrain data model searches to specific indexes