In order to include an eventtype in a data model node, what is the next step after extracting the correct fields?
After extracting the correct fields, the next step to include an eventtype in a data model node is to apply the correct tags. Tags help in categorizing and identifying the events properly, which aligns them with the data model schema and ensures they can be effectively used within data model nodes.
B is correct. Admin ES - Slide 215
Can you post a link to the slides?
Which slide?
Pg. 191 on the Administering Splunk Enterprise Security 6.6
Correct. This is done to verify that your field extractions function correctly. <https://docs.splunk.com/Documentation/CIM/4.17.0/User/UsetheCIMtonormalizedataatsearchtime>
B is correct. The order would be: Eventtypes -> Tags -> Data model definition -> Data model acceleration -> Searches
Correct answer is C. https://docs.splunk.com/Documentation/CIM/4.15.0/User/UsetheCIMtonormalizeOSSECdata#Step_6:_Validate_your_CIM_compliance
B is correct
C is correct
Friends, could you please confirm this answer?