...ight after getting SplunkEnterprise installed on their local machine. It can be daunting to log into Splunkfor the first time and know what the heck you should do. A person can get through the i...
I'm just trying to grok out how the Splunk_SA_CIM overlaps with the ES app in terms of data model accelerations. Out of the box it looks like it's set to accelerate a set of datamodels from the SPLUNK...
...ourcetype=iis), I see that in the ES is it not being normalized as it should.
I also see that there is no TA for it as well. I have tried adding field-alias on the Search head as seen in http://a...