Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
197 results
Sorted by:
03-16-2022
06:51 AM
We are currently using a Splunk Enterprise environment with one search head and one indexer. We enabled data model acceleration because the performance of the search became poor as we used the s...
Show results in replies (4)
-
...pecified explicitly in the docs - the acceleration.source_guid parameter must be set on a per data...
-
Try this - https://docs.splunk.com/Documentation/Splunk/8.2.5/Knowledge/Sharedatamodelsummaries
-
Thank you for your response. It was very helpful.
-
I want to have two completely independent search heads connecting to the same indexer, ...
11-09-2021
01:59 AM
...ACCELERATE_ I accessed the Data Models page and expanded the CIM Validation (S.o.S) data model. The information I got is: "Access Count: 0 - Last Access: -) while size is 750MB and frequently updated. M...
- Tags:
- splunk_cim
Labels
07-26-2021
06:14 PM
Hi All, I'm not that familiar with DMA as I have not had any exposure really to setting up data models so far but am currently having an issue atm with DMA not saying active. We had to disabled D...
Labels
02-10-2021
04:57 PM
Not sure where & how to address the below skipped job. I would appreciate any guidance Report Name Skip Reason (Skip Count) Alert Actions _ACCELERATE_DM_SA-IdentityManagement_I...
- Tags:
- skipped job
Labels
- Labels:
-
report acceleration
03-24-2018
06:31 PM
My Splunk architecture is having 8 Searchheads in a cluster and 40 indexers in a cluster.
If i have to accelerate the data models, i have to update datamodels.conf in all the searchheads. So, I a...
02-20-2020
09:28 AM
Hello Im running splunk data model acceleration And it stopped working. It is stuck in skipping and nothing happens With “summariesonly=true” i get no results but if i set it to false i get r...
Labels
- Labels:
-
data model
-
report acceleration
02-14-2017
10:16 AM
Hi guys -
I have 3 data models, all accelerated, that I would like to join for a simple count of all events (dm1 + dm2 + dm3) by time.
3 single tstats searches works perfectly.
Search 1
| t...
02-28-2022
06:24 AM
I have an accelerated CIM data model. The indexes used to populate the datamodel (and accelerated summaries) are defined by a macro (a typical CIM approach - cim_Email_indexes, c...
Labels
- Labels:
-
data model
-
summary indexing
12-23-2020
10:40 AM
...he datamodel The problem we have is that when we enter a new user in the loockup, if the data model is accelerated, it never updates the information for this new user, if we do not accelerate the data...
Labels
- Labels:
-
access control
-
other
-
permissions
11-23-2018
05:34 AM
...ndexers, with datamodels. On the indexers i can see the datamodels accelerated and they have a size, this makes sence and the data comes into the indexers->indexs and it is accelerated.
I also h...
