Hello All, I need your assistance to fetch the below details about Datamodels: - 1. What is the lifecycle of Splunk datamodel? 2. How Splunk logs events in _internal index when Splunk e...
When I pivot a particular datamodel, I get this error, "Datamodel 'Splunk_CIM_Validation.Vulnerabilities' had an invalid search, cannot get indexes to search" After inspecting the search.log, I n...
Hello. As far as I understand, the Splunk datamodel has two main goals: 1) Data models enable users of Pivot to create compelling reports and dashboards without designing the searches that g...
My Web Datamodel was set to 3 months with 67 GB+ size on disk. I reduced the summary range to 1 month, and size on disk increased to 100 GB+ size on disk. This doesn't make sense, can someone help e...
Hello,
Is there a way to validate the fields used in the datamodel by how compliant they are with the current setup?
I am trying to validate and fix data models to receive optimum results in t...
Hello, I have great difficulty understanding where to begin with using the CIM datamodel. Can anybody clearly summarize the different ways to apply a CIM datamodel in my own apps? Thanks in advance.
I'm trying to look for a reference or documentation that shows me which fields in Sysmon logs should be mapped to which fields in the Endpoint datamodel. For example, Image & ParentImage it s...
Hi, can someone help me with an SPL so that I can list the indexes of a datamodel? Datamodel name - authentication.malware. Appreciate your help in advance.