All Apps and Add-ons

Malware Data Model populates, then data disappears.

jordanperks
Path Finder

I have an issue with the malware data model. All other data models appear to be functioning properly.

This issue I am having is that after I initiate a rebuild and the rebuild completes, I can Pivot to the data and utilize without issue. After I leave that Pivot and come back and try to the exact same thing there is 0 results. This is true not only with Pivot, but with accessing the data in any way such as trying to load the malware dashboards with Enterprise Security. The data will be there at first access and then gone on all subsequent access attempts.

If I perform a search for the populating search for the data model all data I expect to be returned is present.
tag=attack AND tag=malware

0 Karma

jcoates_splunk
Splunk Employee
Splunk Employee

Hey, take a look at the data model acceleration reports... I bet you're having a problem with acceleration not working right.

0 Karma
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

Splunk is officially part of Cisco

Revolutionizing how our customers build resilience across their entire digital footprint.   Splunk ...

Splunk APM & RUM | Planned Maintenance March 26 - March 28, 2024

There will be planned maintenance for Splunk APM and RUM between March 26, 2024 and March 28, 2024 as ...