Seriously, though; what app are you using? What search inside that app? You have given us no context to assist.
In ES-->security domain-->end point--> malware center
-- this is the search string
| inputlookup append=T malware_tracker | stats max(firstTime) as firstTime,dc(dest) by signature | eval _time=firstTime |
daysago(30) | sort 100 - firstTime |
uitime(firstTime) | table firstTime,signature,dc(dest)
Are you using the technical add-on (TA) for the malware product you use? For example, have you deployed the Sophos or Symantec or other AV product TA with the universal forwarder as directed in the product guide? If not, that is the first place to start. ES needs those TAs installed as directed to leverage the data models that power the underlying searches for ES, both dashboards and correlations.
Congratulations, you're Malware Free!
But as mentioned, what sources are you ingesting into Splunk that provide your malware detection and actions?