Creating a Data Model in Graphical Mode

From the Management > Advanced Features > Data Models page, you can create a data model and enable it. Then you can use the data model to analyze results in the normalized format.

In graphical mode, a wizard helps you to create a data model in the following steps:

1. Define a source filter
2. Add sample events and parsing rules
3. Manage columns and data types

Procedure
1. Go to Management > Advanced Features > Data Models.
2. Click Create New Data Model. By default, the graphical mode opens.
   For instructions on how to add in raw mode, see Creating a Data Model in Raw Mode.
3. On the Add data model page, provide the following information:
   1. By default, the data model is enabled. Click the slider to OFF to disable the model.
   2. Parent Group: Select a parent group where you want to save the data model. 

      You can create a new group or select the User group, or select any user-created group

      Default parent group: When creating a nested group within any 'All' group (for example, All Rules, All Bloks, and so on), the User group is the default group. Otherwise, the current parent group is selected as the default group.

   3. Name: Enter the name of the data model.

      The name can include letters, numbers, or underscore (_).

   4. (Optional) Enter the description in the Description field.
4. Add a new source filter. For instructions, see Defining a Source Filter.
5. Add sample events and define a parsing rule. For instructions, see Adding a Parsing Rule in an Advanced Data Model
6. Manage your custom columns. For instructions, see Managing Columns and Data Types.
7. Click Save.