The Endpoint data model is for monitoring endpoint clients including, but not limited to, end user machines, laptops, and bring your own devices (BYOD). If an event is about an endpoint process, service, file, port, and so on, then it relates to the Endpoint data model. For administrative and policy types of changes to infrastructure security devices, servers, and endpoint detection and response (EDR) systems, see Change.Endpoint in the Change data model. The datasets for Processes and Services are for the launch of processes and services and not to observe a running process or service.

The Endpoint data model replaces the Application State data model, which is deprecated as of software version 4.12.0. The architecture of this data model is different than the data model it replaces. Each data set is directly searchable as DataModel.DataSet rather than by node name.

Note: A dataset is a component of a data model. In versions of the Splunk platform prior to version 6.5.0, these were referred to as data model objects.

Difference between the Endpoint and Change data models
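The DataModel.DataSet search form described above, as an added example that is not from the original page or from Splunk's documentation: a `tstats` search that addresses the Processes dataset directly as `Endpoint.Processes` and summarizes process launches by host, user, parent and child process. The two parent process names in the filter are constructed sample values, and the field names assume the standard CIM fields of the Endpoint data model.

```spl
| tstats summariesonly=false count min(_time) as first_seen max(_time) as last_seen
    from datamodel=Endpoint.Processes
    where (Processes.parent_process_name="winword.exe" OR Processes.parent_process_name="excel.exe")
    by Processes.dest Processes.user Processes.parent_process_name Processes.process_name
| rename Processes.* as *
| convert ctime(first_seen) ctime(last_seen)
| sort - count
```

Because the Processes dataset records process launches, each result row counts launch events for that parent and child pair, not processes that are currently running.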