Hello All, I need your assistance to fetch the below details about Datamodels: - 1. What is the lifecycle of Splunk datamodel? 2. How Splunk logs events in _internal index when Splunk e...
Hello, I have great difficulty understanding where to begin with using the CIM datamodel. Can anybody clearly summarize the different ways to apply a CIM datamodel in my own apps? Thanks in advance.
Hello, as far as I understand, the Splunk datamodel has two main goals: 1) Data models enable users of Pivot to create compelling reports and dashboards without designing the searches that g...
I'm trying to look for reference or documentation that shows me which fields in sysmon logs should be mapped to which fields in endpoint datamodel. For example, Image & ParentImage it s...
My Web Datamodel was set to 3 months with 67 GB+ size on disk. I reduced the summary range to 1 month, and size on disk increased to 100 GB+ size on disk. This doesn't make sense, can someone help e...
When I pivot a particular datamodel, I get this error, "Datamodel 'Splunk_CIM_Validation.Vulnerabilities' had an invalid search, cannot get indexes to search" After inspecting the search.log, I n...
I'm a bit confused.
If I have accelerated datamodels and upgrade CIM version and the update adds new fields in datamodels...
What then? Will my datamodels keep at old definition version since t...
I have an accelerated CIM data model. The indexes used to populate the datamodel (and accelerated summaries) are defined by a macro (a typical CIM approach - cim_Email_indexes, c...
Hi, can someone help me with an SPL so that I can list the indexes of a datamodel? Datamodel name - authentication.malware. Appreciate your help in advance.