Hi,
I am new to Data models and accelerations, too. I am trying to parse logs for a data model and ES. The log parsing is moving now, but it is far from the final solution; I can search by Data model/Pivot.
I checked the Enterprise Security dashboard, but it does not show anything that can be linked to these logs. I executed the dashboard searches manually, but they still show no events matched. (| tstats...) Then I checked the Data model acceleration status:
ACCELERATION
Status: Building
Access Count: 0
Last Access: -
Size on Disk: 0 B
Summary Range: 31536000 second(s)
Buckets: 0
Updated: 1/1/70 1:00:00.000 AM
What causes the problem, and how can I debug and fix it?
This is the Malware data model; there are events with the tags malware and attack. There are events with some action and dest fields, too.
Regards,
István