Accelerated data models make searches over long time ranges and/or large volumes of data extremely fast. This blog walks through a short, step-by-step procedure for creating a custom search that leverages a CIM data model.


Example Use Case: Monitor all Windows user/computer account creation.


Step 1: Make sure Windows data is coming into Splunk according to best practices, meaning the events are landing in the intended index, carry the correct sourcetype, and so on, so that the CIM field mappings apply to them.


Step 2:...
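To show what the use case above looks like as an accelerated search, here is an example added for this page; it is not the author's search from the original post. It assumes the Windows Security log is mapped by the Splunk Add-on for Windows into the CIM Change data model (root dataset All_Changes, child dataset Account_Management), that the Change data model has been accelerated, and that account-creation events arrive with action="created" and an object_category of "user" or "computer" (the exact values are an assumption to verify against your add-on's field mappings).

```spl
| tstats summariesonly=true count
    from datamodel=Change.All_Changes
    where nodename=All_Changes.Account_Management
          All_Changes.action="created"
          (All_Changes.object_category="user" OR All_Changes.object_category="computer")
    by _time span=1h All_Changes.dest All_Changes.user All_Changes.object All_Changes.object_category
| rename All_Changes.* AS *
| sort - _time
```

summariesonly=true returns only events already summarized by acceleration, so while validating the Step 1 field mappings set it to false (or drop it) so that unsummarized events are not silently missed.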