I am trying to set up ES and having some issues with the Network_Traffic data model. I am getting logs from the firewalls with tags network and communicate, and I also created field aliases for some of the fields. But the Network_Traffic data model still doesn't show any results. Any idea how to troubleshoot the issue?
I am getting 0 results after executing this command: | datamodel Network_Traffic All_Traffic search
I also looked into this document: http://docs.splunk.com/Documentation/ES/3.1/Install/Networkdashboard