Release notes for the Splunk Common Information Model Add-on
Version 4.13.0 of the Splunk Common Information Model Add-on was released on April 2, 2019.
Version 4.13.x of the Splunk Common Information Model Add-on includes the following new features.
acceleration.manual_rebuildsparameters are enabled by default in
datamodels.conf. This disables automatic rebuilds for persistently accelerated data models. If you need to rebuild a datamodel for a model stanza that specifies
manual_rebuilds=trueyou should do so manually. See Manual Data Model Management in the Splunk Enterprise Knowledge Manager Manual.
process_guidfield now exists in all objects in the Endpoint Data Model. This is a globally unique identifier of the process assigned by the vendor product. See Endpoint.
splunk_realmfields now exist in the All_Ticket_Management dataset in the Ticket Management Data Model. When a Splunk solution generates a notable event, or set of notable events, these fields are a standard means of tracking the unique ID associated with the solution and the event. See Ticket Management.
|Splunk platform version||Upgrade activity|
|6.6.X or later||If you apply custom tags to data mapped to CIM data models and you use these tags in searches and search filters, add these tags to the whitelists for those models. See Set up the Splunk Common Information Model Add-on for details about the tags whitelist field.|
Version 4.13.x of the Splunk Common Information Model Add-on requires Splunk platform version 6.5.x or later. Some functions on the CIM setup page, such as the accelerate until max time setting, are only available in version 6.6.x and later.
This version of the Splunk Common Information Model Add-on fixes the following issues.
|Date resolved||Issue number||Description|
|2019-01-31||CIM-785||index=_internal was not properly removed from tag=modaction|
|2018-12-20||CIM-784||Common Action Model calculates info_file incorrectly when using per-result alerting|
|2018-11-15||CIM-778, SOLNESS-14831||Excessive log rotation error on Windows for correlationmigration_rest_handler.log file, required manual roll of file|
|2018-10-10||CIM-645||CIM doesn't support multi-value tcp flags in the network traffic data model|
This version of the Splunk Common Information Model Add-on has the following reported known issues.
|Date filed||Issue number||Description|
|2019-09-16||CIM-869||Adhoc Modular Actions: Splunk users with spaces in their name unable to dispatch adhoc actions|
|2019-04-30||CIM-813||Fields with leading uppercase do not MV properly|
Use fieldname starting with lowercase letter for multivalue fields instead
|2019-03-01||CIM-797||CIM Setup Page on Splunk Enterprise 7.2 shows navigation items from other app|
As of version 4.13.0:
As of version 4.12.0:
- The modaction_invocations_rest_handler.py (alerts/modaction_invocations) has been deprecated and will be removed in a future version.
- The following previously deprecated configurations have been removed.
- Deprecated data models: Application State and Change Analysis
As of version 4.11.0:
- The index definition
cim_summaryhas been removed.
- Several configurations are deprecated and will be removed in a future release.
Third-party software attributions
The Splunk Common Information Model Add-on does not incorporate any third-party software or libraries.
Set up the Splunk Common Information Model Add-on
Support and resource links for the Splunk Common Information Model Add-on
This documentation applies to the following versions of Splunk® Common Information Model Add-on: 4.13.0