Hello,
I am trying to find the way to managedatamodels using REST endpoints:
http://docs.splunk.com/Documentation/Splunk/6.3.1/RESTREF
May main objectives are:
Launch datamodel r...
I've created a datamodel and want to search it in my external Javascript. For my first attempt, a SearchManager would not start the search using the datamodel query:
var datamodelSearch = n...
...models.conf in deployer and push to SHC ?
Question 3 - What is the correct way to manage/update datamodels config in "Splunk_SA_CIM" app like adding indexes/enabling acceleration/adding removing f...
Hello!! I have a question about how to do something. Within an index I have a field called entity, this corresponds to companies to which we manage their products. In total we have 130 different e...
...nto the datamodel? I certainly could modify my script to transform the data before ingesting, but I'd prefer Splunk to do the heavy lifting. I'd like to be able to merge in things like comments and t...
To change the default datamodel location and cache manager location( smart store enabled) on an indexer I see we have 2 options. 1) Updating splunk-launch.conf with SPLUNK_DB =<c...
I have several questions about data architecture that are rooted in CIM datamodels and performance considerations.
Background: We have about 2T of new log data every day. Some sourcetypes get 1...
...ith,one
substring2,this,has,substring1,all,three,substring3
here,there,are,no,substrings
this,only,substring3,substring1,has,two
Ideally I would like to encorporate the logic within a datamodel, w...
Does it make sense to turn datamodel acceleration on for the Incident Management datamodel (default summary range is "None")? Of concern in this case is the Expired Entity Activity search in S...