Hi all,
I have upgraded my Splunk from 6.6.6 to 7.1.1 and installed a new Splunk CIM version (4.12). I accelerated a few data models like malware, network traffic and change analysis. The Malware data model is 100% completed. When I try with the search query `| tstats count from datamodel=Malware | sort -count`, it returns 28. So I assume the data model has some data. But it is not showing any data from it.
Note: other data models are in the process of building. My search peers are running 6.6.6 (I don't think it matters).
Any idea why it is not showing any data?