Release notes for the Splunk Common Information Model Add-on
Version 4.15.0 of the Splunk Common Information Model Add-on was released on 2/12/2020.
New features
Version 4.15.x of the Splunk Common Information Model Add-on includes the following new features.
| Enhancement | Description |
|---|---|
python.version flag is now explicitly set to python 3
|
CIM 4.15.x is Python 3 compliant and is fully compatible with all versions of Splunk Enterprise 7.0.x and later, plus future versions of Splunk Enterprise that ship with the Python 3 interpreter. See Upcoming changes to Splunk Enterprise. |
New dest_port field in the web data model
|
The field is used, for example, in tracking multiple websites that are hosted on the same server using the same url and different ports.
See Web data model. |
| Machine Learning Toolkit functionality replaces Predictive Analytics dashboard | MLTK is more robust for finding different varieties of anomalous events in your data than the | predict command used by the Predictive Analytics dashboard. See Machine Learning Toolkit Overview in Splunk Enterprise Security.
|
| Single page view | New way to view which models use the same fields. See CIM fields per associated data model. |
Upgrade requirements
| Splunk platform version | Upgrade activity |
|---|---|
| 7.0.x or later | If you apply custom tags to data mapped to CIM data models and you use these tags in searches and search filters, add these tags to the whitelists for those models. See Set up the Splunk Common Information Model Add-on for details about the tags whitelist field. |
Compatibility
Version 4.15.x of the Splunk Common Information Model Add-on requires Splunk platform version 7.0.x or later. Some workarounds, such as the datamodels spec workaround for tags_whitelist and poll_buckets, are no longer available in version 7.0.x and later. This might lead to btool check warnings at startup.
Fixed issues
This version of the Splunk Common Information Model Add-on fixes the following issues.
| Date resolved | Issue number | Description |
|---|---|---|
| 2020-01-28 | CIM-887 | CIM Setup: Wildcarded index filters are rendered with out the wildcard |
| 2020-01-28 | CIM-884 | Clicking Save on the CIM Setup page causes warning about invalid backfill range |
Known issues
This version of the Splunk Common Information Model Add-on has the following reported known issues. If this section is empty, this release has no reported known issues.
Deprecated or removed features
As of version 4.15.0:
- The Predictive Analytics dashboard is removed in favor of Machine Learning Toolkit functionality.
As of version 4.14.0:
- The Predictive Analytics dashboard has been deprecated in favor of Machine Learning Toolkit functionality and will be removed in a future version.
As of version 4.13.0:
- N/A
As of version 4.12.0:
- The modaction_invocations_rest_handler.py (alerts/modaction_invocations) has been deprecated and will be removed in a future version.
- The following previously deprecated configurations have been removed.
`search_activity`macro`search_typer`macro
- Deprecated data models: Application State and Change Analysis
As of version 4.11.0:
- The index definition
cim_summaryhas been removed. - Several configurations are deprecated and will be removed in a future release.
datamodel_for_audittrailtransformsavedsearch_name_for_audittrailtransformuser_for_audittrailtransform
Third-party software attributions
The Splunk Common Information Model Add-on does not incorporate any third-party software or libraries.
| Set up the Splunk Common Information Model Add-on | Support and resource links for the Splunk Common Information Model Add-on |
This documentation applies to the following versions of Splunk® Common Information Model Add-on: 4.15.0
Download manual
Feedback submitted, thanks!