Release notes for the Splunk Common Information Model Add-on
New features
Version 4.2.0 of the Splunk Common Information Model Add-on includes the following new features:
Resolved date | Issue number | Description |
04/10/15 | CIM-280 | Move Missing Extractions and Untagged Searches to a new data model: CIM Validation (S.o.S.) |
02/25/15 | CIM-277 | Add lookup for corporate web domains. |
12/09/14 | CIM-268 | Convert eventtype_tag_center to Simple XML due to Advanced XML deprecation. |
Fixed issues
Version 4.2.0 of the Splunk Common Information Model Add-on fixes the following issues:
Resolved date | Defect number | Description |
02/20/15 | CIM-247 | Field "icmp_type" in Network Traffic data model should be a number, not a string. |
02/20/15 | CIM-272 | Command datamodelinfo should indicate that it only returns results for accelerated models. |
02/20/15 | CIM-251 | Field "time_submitted" in Ticket Management data model should be a time, not a string. |
02/19/15 | CIM-248 | Field "file_size" in Change Analysis data model should be a number, not a string. |
02/19/15 | CIM-252 | Field "entry" for Network Resolution data model is not needed and should be removed. |
02/27/15 | CIM-278 | Malware src field is missing. |
Known issues
Version 4.2.0 of the Splunk Common Information Model Add-on has the following known issues:
Date | Defect number | Description |
10/24/14 | CIM-238 | BaseEvent object hierarchy makes accelerated search unwieldy. |
10/03/14 | CIM-221 | In Ticket Management, field "dest" should be used for the machine that the ticket concerns. |
10/03/14 | CIM-221 | Field extraction should avoid variable keys whenever possible. |
10/03/14 | CIM-220 | Event types should avoid KV whenever possible. |
07/07/14 | CIM-169 | Remote search log warning messages from acceleration due to long search strings. Workaround: turn off truncation on indexers in etc/system/local/props.conf as shown:
|
10/11/13 | CIM-85 | Inconsistent use of url and uri in Web data model fields. |
Third-party software attributions
Version 4.2.0 of the Splunk Common Information Model Add-on does not incorporate any third-party software or libraries.
Install the Splunk Common Information Model Add-on | Support and resource links for the Splunk Common Information Model Add-on |
This documentation applies to the following versions of Splunk® Common Information Model Add-on: 4.2.0
Feedback submitted, thanks!