This documentation does not apply to the most recent version of Splunk® Common Information Model Add-on.
For documentation on the most recent version, go to the latest release.
Install the Splunk Common Information Model Add-on
- Download the Common Information Model add-on from Splunkbase at https://apps.splunk.com/app/1621/.
- Review the indexes defined in CIM.
- The previously deprecated
cim_summaryindex definition is now removed. If you have a custom configuration for this in your localindexes.conffile, it will persist as-defined.- If you are no longer using this index definition, remove the stanza from your local
indexes.conffile before installation. - If you are still using it, you will need to revise the stanza if you were previously relying on parts of the deprecated default
cim_summaryindex definition.
- If you are no longer using this index definition, remove the stanza from your local
- The
cim_modactionsindex definition is used with the common action model alerts and auditing. Make sure that the index exists and assign the appropriate Roles to search the index.
- The previously deprecated
Install the Splunk Common Information Model Add-on to your search heads only.
Refer to Installing add-ons for detailed instructions describing how to install a Splunk add-on in the following deployment scenarios:
Next: See Set up the Splunk Common Information Model Add-on to perform optional configurations to improve performance.
Last modified on 08 July, 2021
| Overview of the Splunk Common Information Model | Set up the Splunk Common Information Model Add-on |
This documentation applies to the following versions of Splunk® Common Information Model Add-on: 4.11.0, 4.12.0, 4.13.0, 4.14.0, 4.15.0, 4.16.0, 4.17.0, 4.18.0, 4.18.1, 4.19.0, 4.20.0, 4.20.2
Download manual
Feedback submitted, thanks!