Hello, I am trying to onboard Defender ATP alerts using Microsoft Defender ATP Add-on for Splunk (https://splunkbase.splunk.com/app/4959/) but I can see certain alerts being onboarded multiple times. Has anyone else come across this type of issue before? Thanks, Revati
I downloaded an accelerated data model and uploaded it in my other search head but I am only able to see data from 1 day before, whereas the data model in my other search head shows older data as well. I would like to know if this is happening because I created the data model today?