I want to manually move the data models "pan_firewall" i downloaded to the Search&Reporting in splunk enterprise.
i put the pan_firewall.json file into C:\Program Files\Splunk\etc\apps\search\default\data\models and i also moved the stanza in datamodels.conf and metadata in local.meta and default meta. i am able to search and display the datamodel by command |datamodel in the search bar but i could not search by | from datamodel:"pan_firewall" and it said Data model 'pan_firewall' was not found.
i am confused. Do i need to also move the stanza of other files such as event types, inputs, props etc, the files related to the data models to the search folder?
... View more