Added a root event object to data model as so:
index="main" host="*S100-L543*" source!="*geoip*" AND source!="*.xml" AND source!="*.config" AND ( _raw="*Exception*" OR _raw="*Stack Trace*" OR _raw="*Stack trace*" OR _raw="*stack trace*" )
Whenever I use this search through the search bar in the search app, it works with no errors, however, I get this error:
Error in 'eval' command: The arguments to the 'searchmatch' function are invalid.
when attempting to use the datamodel command as such:
| datamodel Exceptions_Data_Model exceptions search
↧