Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
1,000 results
Sorted by:
02-23-2022
01:08 AM
I have this 'Email' Data Model in ES. The model is populated by macro and tags(2 eventypes populated by saved searches) (`cim_Email_indexes`) tag= IS_Email The two eventtypes have I...
Labels
...his DM in all 3 Search Head members and Macro too will be updated in all 3 SH members ?
Question 2 - or should i make above changes in "Splunk_SA_CIM" app under "local" folder in macros.conf and data...
Labels
- Labels:
-
data model
04-19-2019
07:48 AM
...ime By Status' that when I send to a search returns values other than HTTP status codes (200, 401, etc).
I do a pivot of the web data model and select 'status' and 'sourcetype' and I see the p...
02-24-2020
10:54 PM
1 Karma
Hello,
I was curious to see if there are any best practices for mapping to CIM data models. More specifically, I'm looking for some guidelines on when (not) to map a certain field to a datamodel....
11-28-2017
12:43 PM
...owtousethesereferencetables , I open "Settings: (Knowledge) Data models" (the Data Model Editor) and then click on the JVM data model. I get a nasty 404 error:
404 Not Found
[Return to Splunk home p...
01-14-2020
08:17 AM
Hi,
I'm sure a similar Quest has already been posted - but I can't find anything regarding my exact problem.
However, I'm using a Data Model to unify about 30 sourcetypes with kinda-similar data...
Labels
- Labels:
-
calculated field
-
data model
12-23-2020
10:40 AM
...he datamodel The problem we have is that when we enter a new user in the loockup, if the data model is accelerated, it never updates the information for this new user, if we do not accelerate the data...
Labels
- Labels:
-
access control
-
other
-
permissions
10-29-2015
06:28 AM
2 Karma
I have an environment with a large number of sourcetypes and would like to map those to the appropriate CIM data model. While I generally know about the Splunk commands pivot and datamodel, their u...
10-21-2017
10:02 AM
...plunk about this topic is difficult for me understand, most likely
I have low technical knowledge.
Even when I translated half of information about Data Models in Splunk documentation into my native l...
- Tags:
- splunk-enterprise
05-14-2020
09:57 AM
Hello,
I have a question about modification of data model in CIM:
I would like to add one child dataset to DM "Change". Can I do it by separate application?
What I mean exactly: If I create a m...
Labels
- Labels:
-
configuration
