Solved: Why are the Data Models not building?

mcxrisley08 · ‎03-26-2018

I have recently rebuilt our server that hosts the Enterprise Security app here and I am having trouble with some of the Data Models not building. I have tried stop and restarting the acceleration of the models and they all still get stuck at building. Does anyone have any ideas why this may be?

mcxrisley08 · ‎03-29-2018

UPDATE: I finally fixed the issue with my data models. After doing some troubleshooting I determined that the data was not normalizing, so I downloaded some add-ons and the data models started building and were searchable within a few minutes.

View solution in original post

mcxrisley08 · ‎03-29-2018

UPDATE: I finally fixed the issue with my data models. After doing some troubleshooting I determined that the data was not normalizing, so I downloaded some add-ons and the data models started building and were searchable within a few minutes.

mxg142 · ‎05-05-2020

What add-ons did you specifically download? I am experiencing the same thing so additional context as to what/why this is occurring and what you downloaded to fix the issue would be helpful.

richgalloway · ‎03-29-2018

@mcxrisley08 If your problem is resolved, please accept the answer to help future readers.

---
If this reply helps you, Karma would be appreciated.

mcxrisley08 · ‎03-27-2018

UPDATE: I still have not fixed this issue but have noticed that whenever I run a search for the tags associated with the data models that are not building, I get 0 results. So I created one of the tags to see if this would fix this issue. The search found the events but matched 0 of 1,879,456 events. Maybe the tags not existing or being able to find the data could be associated with the data models not building?

Why are the Data Models not building?

troubleshooting

using Enterprise Security

Unify Your SecOps with Splunk Mission Control

Data Preparation Made Easy: SPL2 for Edge Processor

Introducing Edge Processor: Next Gen Data Transformation