...ACCELERATE_ I accessed the DataModels page and expanded the CIM Validation (S.o.S) datamodel. The information I got is: "Access Count: 0 - Last Access: -) while size is 750MB and frequently updated. My q...
Hi All, I'm not that familiar with DMA as I have not had any exposure really to setting up datamodels so far but am currently having an issue atm with DMA not saying active. We had to disabled D...
I have an accelerated CIMdatamodel. The indexes used to populate the datamodel (and accelerated summaries) are defined by a macro (a typical CIM approach - cim_Email_indexes, cim...
I'm a bit confused.
If I have accelerated datamodels and upgrade CIM version and the update adds new fields in datamodels...
What then? Will my datamodels keep at old definition version since t...
...an see field alias fields values however when we search in datamodel crowdstrike logs are not getting accelerated .
Request your help to troubleshoot the issue.
...here is one issue: manually cloned datamodel easy accelerates and Splunk s CIMdatamodel doesn`t. The only difference - these datamodels belongs to different apps.
Maybe anyone have faced with s...
My company is heavily using CIMaccelerated datamodels for our security monitoring. We are currently experiencing performance issues and we think that datamodelacceleration is contributing to t...
We are running the latest versions of Splunk Enterprise, Splunk Enterprise Security, and Splunk Common Information Model (CIM) [SA_CIM]. I can enable acceleration for the Email datamodel, but it n...
I have installed the CIM app done all of the event typing and tagging to get my data into the datamodels relevant to my environment. I have accelerated those datamodels. It's a clustered e...
Having trouble wrapping my head around the various "times" associated with datamodelacceleration. In the CIM setup, you have "Earliest Time" which the docs define as "How far back in time the S...