Hortonworks Cybersecurity Platform
Also available as:
PDF
loading table of contents...

Verify That Events Are Indexed

After you add your new data source, you should verify that events are indexed and output matches any Stellar transformation functions you used.

From the Alerts UI, search the source:type filter for the $DATASOURCE messages.
By convention, the index of new messages is called $DATASOURCE_index_[timestamp] and the document type is $DATASOURCE_doc.