Splunk Enterprise Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Why are the Data Models not building?

mcxrisley08
Path Finder
‎03-26-2018 10:09 AM

I have recently rebuilt our server that hosts the Enterprise Security app here and I am having trouble with some of the Data Models not building. I have tried stop and restarting the acceleration of the models and they all still get stuck at building. Does anyone have any ideas why this may be?

Labels (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

mcxrisley08
Path Finder
‎03-29-2018 06:45 AM

UPDATE: I finally fixed the issue with my data models. After doing some troubleshooting I determined that the data was not normalizing, so I downloaded some add-ons and the data models started building and were searchable within a few minutes.

View solution in original post

Reply
Solved! Jump to solution
Solution

mcxrisley08
Path Finder
‎03-29-2018 06:45 AM

UPDATE: I finally fixed the issue with my data models. After doing some troubleshooting I determined that the data was not normalizing, so I downloaded some add-ons and the data models started building and were searchable within a few minutes.

Reply
Solved! Jump to solution

mxg142
Explorer
‎05-05-2020 01:02 PM

What add-ons did you specifically download? I am experiencing the same thing so additional context as to what/why this is occurring and what you downloaded to fix the issue would be helpful.

0 Karma
Reply
Solved! Jump to solution

richgalloway
SplunkTrust
SplunkTrust
‎03-29-2018 07:51 AM

@mcxrisley08 If your problem is resolved, please accept the answer to help future readers.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Solved! Jump to solution

mcxrisley08
Path Finder
‎03-27-2018 06:15 AM

UPDATE: I still have not fixed this issue but have noticed that whenever I run a search for the tags associated with the data models that are not building, I get 0 results. So I created one of the tags to see if this would fix this issue. The search found the events but matched 0 of 1,879,456 events. Maybe the tags not existing or being able to find the data could be associated with the data models not building?

0 Karma
Reply
Get Updates on the Splunk Community!

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Elevating Digital Service Excellence: The Synergy of Real User Monitoring and Application Performance ...