1. Make sure 'Symantec DLP Appliance' and 'External DLP' is activated
Create a CIQ profile containing 'Risks'
Attach that CIQ Profile in FT Policy
Now, login into Splunk
Enter the 'dlp query'
Copy the log
Paste the log into JSON formatter
View newly generated deep links