Transparent federated search

AI summary

Learn about data model federated queries and how to configure transparent mode federated search.

About AI summaries.

Transparent mode federated search lets you query Imply Lumi events from Splunk® without the federated: prefix. This mode is required for data model queries and provides seamless integration between Lumi and Splunk data sources.

With transparent mode, you configure field mappings on a Lumi IAM key to translate between Splunk data model fields and Lumi event fields. The transparent federated provider then routes queries from Splunk to Lumi and returns results.

See Query events with data models for an overview of how data models work with Lumi, and Set up transparent federated search to configure the integration.