Splunk Enterprise
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How can I enable inactive data models?

DanAlexander
Communicator
‎09-13-2022 02:22 AM

Morning all,

I am new to Data Models and wanted some guidance of how I can enable some of the inactive ones. Is acceleration available after the Data Model is activated. I am confused with acceleration and how to enable a Data Model. I just want to enable our Endpoint Data Model as we are gaining logs from Universal Forwarder and Sysmon as well. Wanted to find some useful Endpoint use cases I can start using.  

Any help much appreciated!

Thank you!

Labels (1)
Labels
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎09-13-2022 08:49 AM

I'm not sure what you mean by "inactive" and "active" with regard to data models.  That's not a term I've seen used in that context.  Likewise with "enabled".  If a data model exists then it's enabled.

Data model acceleration (DMA) is another matter.  DMA can be enabled in the Settings->Data models page.  Chose "Edit Acceleration" from the Edit menu of the appropriate data model.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Preparing your Splunk Environment for OpenSSL3

The Splunk platform will transition to OpenSSL version 3 in a future release. Actions are required to prepare ...

Unleash Unified Security and Observability with Splunk Cloud Platform

     Now Available on Microsoft AzureThursday, March 27, 2025  |  11AM PST / 2PM EST | Register NowStep boldly ...

Splunk AppDynamics with Cisco Secure Application

Web applications unfortunately present a target rich environment for security vulnerabilities and attacks. ...
Top