Verify That the Events Are Enriched

After you finish enriching your new data source, verify that the output matches your enrichment information. By convention, the index that stores the new messages is named squid_index_[timestamp] and the document type is squid_doc.

In the Alerts UI, use the source:type filter to search for squid messages and confirm that they display your enrichment information.