I have one Splunk instance where I ran a search and exported the data in a CSV file, XML file, and a raw file. The data contained is mostly Windows event logs, "process command line", "creator process", etc. I am trying to import this data into another Splunk instance. When the data is imported, I noticed some fields are missing, like "process command line". I tried each file type and had no success. I also reviewed the data in the fields and all of the fields and values are present. Essentially, I am trying to import data similar to Splunk BOTS GitHub - splunk/botsv3: Splunk Boss of the SOC version 3 dataset.