Hmm, I'm not so sure. Wouldn't normalizing the data to the Splunk Common Information Model be important too? That would help ensure consistency and compatibility with ES.
This question is a bit tricky, but I think the key is understanding the Data Model and how it interacts with Elasticsearch (ES). If the raw data isn't properly extracted and normalized, it won't be usable by the Data Model or ES.
upvoted 0 times