When I pivot a particular datamodel, I get this error, "Datamodel 'Splunk_CIM_Validation.Vulnerabilities' had an invalid search, cannot get indexes to search" After inspecting the search.log, I n...
I have an accelerated CIM data model. The indexes used to populate the datamodel (and accelerated summaries) are defined by a macro (a typical CIM approach - cim_Email_indexes, c...
Hello,
Is there a way to validate the fields used in the datamodel by how compliant they are with the current setup?
I am trying to validate and fix data models to receive optimum results in t...
Hi, can someone one help me with an SPL so that I can list the indexes of a datamodel. datamodel name - authentication.malware Appreciate your help in advance.
...roblem is, I cannot get anything to work related to GEOSTATS. Hopefully, I can lay this out in a simple manor..... Datamodel = test Extracted Fields: Client_IP (field within the log t...
Hi Splunk Team
I see this message on my entire datamodel, how can I fix it?
"This object has no explicit index constraint. Consider adding one for better performance."
How can fix it
Thanks
Hi All,
I have created a datamodel "Introspection_Usage" with global permission with the following dataset as given.
Datasets
EVENTS
introspection
Disk Objects
Hostwide Resource U...
...lusters, set it up as a source_guid into a default stanza on the other cluster (first cluster uses CIM app and ES, the second one has just CIM app with datamodel settings migrated from first cluster)....