Verify That the Events Are Enriched
After you finish enriching your new data source, you should verify that the output
matches your enrichment information. By convention, the index where the new messages are
indexed is called squid_index_[timestamp] and the document type is squid_doc.
From the Alerts UI, search the source:type filter for squid messages and ensure that they
display your enrichment information.