...ile with many lines.
I use the multikv command to split each multi-line event into individual events. With datamodels that apparently is only possible when using root searches - I cannot use p...
I have an outbound flow that gets data written by App, mem and cards api. Cards and mem api are writing logs into applog but App is writing logs in syslog.
In my datamodel I have sourcetype=a...
I'm trying to create an object and add some auto-extracted attributes. Some field names contain curly braces because our JSON data contains array structures. As the screenshot shows, the field name i...
I've created a datamodel and want to search it in my external JavaScript. For my first attempt, a SearchManager would not start the search using the datamodel query:
var datamodelSearch = n...
Hello,
I have created a DataModel which includes a "Root Transaction" Object, BASE SEARCH queries 3 different sourcetypes, I have 5 CALCULATED "Eval Expression" Attributes which I'm using to g...
We have a situation where we need to join two child objects of a datamodel. Both child objects have separate index and host.
e.g.
ProjectInformation (Datamodel Object...
Hello to everyone. Every dashboard with any type of "visualization" (pivot, for example) needs a datamodel. Datamodels have an owner, just like other objects. But how can I reassign the datamodel...
I added several objects to the "Vulnerabilities" datamodel. After that the Enterprise Security /Security Domains/Network/Vulnerability Center dashboard started showing inconsistent values in s...
...am having trouble searching from this datamodel.
The search I wrote:
| tstats max(Usage.field_value) from datamodel="Aggregate"
Where Usage is the root search object and Aggregate is data...
...esigndatamodelobjects😞
This means that the tags whitelist configuration in Splunk CIM settings must have at least the tags used within the constraints used in the specific datamodel.
Let's do an example w...