tags
Why Should I Use CIM Datamodels?

Using datamodels simplifies searching and can dramatically improve performance. This post is a breakdown of how this works, to answer the common question, "why should I use data models in Splunk?"

May 29 2021
Tags: splunk, data model, data model acceleration, ES, Enterprise Security, SIEM, log analytics, ITSI
Cool things you can do with Assets and Identities

The Assets and Identities framework is the heart of an ES deployment. This post brainstorms use cases (obvious and less obvious) for these two tables, in the hope of motivating you to get this data organized.

May 14 2021
Tags: ES, Enterprise Security, Assets and Identities, Splunk, SIEM, CMDB, data model, data model acceleration