Splunk Enterprise
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How can I enable inactive data models?

DanAlexander
Communicator
‎09-13-2022 02:22 AM

Morning all,

I am new to Data Models and wanted some guidance of how I can enable some of the inactive ones. Is acceleration available after the Data Model is activated. I am confused with acceleration and how to enable a Data Model. I just want to enable our Endpoint Data Model as we are gaining logs from Universal Forwarder and Sysmon as well. Wanted to find some useful Endpoint use cases I can start using.  

Any help much appreciated!

Thank you!

Labels (1)
Labels
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎09-13-2022 08:49 AM

I'm not sure what you mean by "inactive" and "active" with regard to data models.  That's not a term I've seen used in that context.  Likewise with "enabled".  If a data model exists then it's enabled.

Data model acceleration (DMA) is another matter.  DMA can be enabled in the Settings->Data models page.  Chose "Edit Acceleration" from the Edit menu of the appropriate data model.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Announcing the Expansion of the Splunk Academic Alliance Program

The Splunk Community is more than just an online forum — it’s a network of passionate users, administrators, ...

Learn Splunk Insider Insights, Do More With Gen AI, & Find 20+ New Use Cases You Can ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Buttercup Games: Further Dashboarding Techniques (Part 7)

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...
Top