Hello,
I am trying to find the way to manage datamodels using REST endpoints:
http://docs.splunk.com/Documentation/Splunk/6.3.1/RESTREF
My main objectives are:
Launch datamodel r...
I've created a data model and want to search it in my external JavaScript. For my first attempt, a SearchManager would not start the search using the data model query:
var datamodelSearch = n...
...nto the data model? I certainly could modify my script to transform the data before ingesting, but I'd prefer Splunk to do the heavy lifting. I'd like to be able to merge in things like comments and t...
To change the default data model location and cache manager location (smart store enabled) on an indexer I see we have 2 options. 1) Updating splunk-launch.conf with SPLUNK_DB =<c...
Does it make sense to turn data model acceleration on for the Incident Management data model (default summary range is "None")? Of concern in this case is the Expired Entity Activity search in S...
...onf2014_DavidClawson_Splunk_how to actually use data models
Learn How to Design, Build and Manage Data Models
Splunk-6.4.3-SearchReference-Datamodel
I am at a loss though on how to start. I have played around with t...
As stated in the title, I'm looking for someone to tell the differences between the field user and src_user in the CIM Model Change Analysis (All_Change.Account_Management). The definitions in Splunk d...
Hello, I have been working on Splunk for a few months now, and we are using Splunk mainly for Cyber Security monitoring. I am wondering with regards to data model (CIM) should I create separate d...