Splunk® InfoSec App

Administration Guide

Acrobat logo Download manual as PDF


Acrobat logo Download topic as PDF

Accelerate data models to build InfoSec app for Splunk dashboards

Accelerate data models after you confirm that the correct event data is fed into the data models that are required for the Splunk InfoSec app. You must accelerate each of the data models.

You can only accelerate the data models after you confirm that they are fed with the correct event data because after acceleration, the data models cannot be edited without first disabling the acceleration.

Accelerate a data model

Perform the following steps on all the data models that are fed event data. This example uses the Authentication data model, but you can follow these steps to accelerate any data model.

Don't accelerate a data model that contains no event data.

  1. On the Splunk Platform menu bar, select Configure > Settings > Data models.
  2. Identify the Authentication data model.

    Do not click on the '''Authentication''' data model because you must work within the current web page.

  3. From the Actions column, select Edit > Edit Acceleration.
  4. In the Edit Acceleration dialog box, perform the following actions:
    1. Check Accelerate.
    2. Set the Summary Range to a suitable time frame.
    3. Click Save.
    When the Splunk platform starts to build the data model accelerations, track the progress of the accelerations from the Health dashboard of the InfoSec app. The InfoSec app is configured to work with your data sources.
  5. View each of the InfoSec app dashboards from the menu bar starting with Security Posture.
  6. Confirm that all the dashboards are populating with data. If you find a dashboard that is not populating, you might not have the required data source within your Splunk platform to feed the dashboard. For more information on troubleshooting, see Troubleshoot the Splunk InfoSec app.
Last modified on 29 July, 2021
PREVIOUS
Validate data sources that feed the InfoSec app for Splunk data models
  NEXT
Extend the capabilities of the InfoSec app for Splunk

This documentation applies to the following versions of Splunk® InfoSec App: 1.6.4, 1.7.0


Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters