Accelerate data models to build InfoSec app for Splunk dashboards

Accelerate data models after you confirm that the correct event data is fed into the data models that are required for the Splunk InfoSec app. You must accelerate each of the data models.

You can only accelerate the data models after you confirm that they are fed with the correct event data because after acceleration, the data models cannot be edited without first disabling the acceleration.

Accelerate a data model

Perform the following steps on all the data models that are fed event data. This example uses the Authentication data model, but you can follow these steps to accelerate any data model.

Don't accelerate a data model that contains no event data.

1. On the Splunk Platform menu bar, select Configure > Settings > Data models.
2. Identify the Authentication data model.

   Do not click on the '''Authentication''' data model because you must work within the current web page.

3. From the Actions column, select Edit > Edit Acceleration.
4. In the Edit Acceleration dialog box, perform the following actions:
   1. Check Accelerate.
   2. Set the Summary Range to a suitable time frame.
   3. Click Save.
   When the Splunk platform starts to build the data model accelerations, track the progress of the accelerations from the Health dashboard of the InfoSec app. The InfoSec app is configured to work with your data sources.
5. View each of the InfoSec app dashboards from the menu bar starting with Security Posture.
6. Confirm that all the dashboards are populating with data. If you find a dashboard that is not populating, you might not have the required data source within your Splunk platform to feed the dashboard. For more information on troubleshooting, see Troubleshoot the Splunk InfoSec app.