Splunk® Common Information Model Add-on

Common Information Model Add-on Manual

This documentation does not apply to the most recent version of Splunk® Common Information Model Add-on. For documentation on the most recent version, go to the latest release.

Release notes for the Splunk Common Information Model Add-on

New features

Version 4.2.0 of the Splunk Common Information Model Add-on includes the following new features:

Resolved date Issue number Description
04/10/15 CIM-280 Move Missing Extractions and Untagged Searches to a new data model: CIM Validation (S.o.S.)
02/25/15 CIM-277 Add lookup for corporate web domains.
12/09/14 CIM-268 Convert eventtype_tag_center to Simple XML due to Advanced XML deprecation.

Fixed issues

Version 4.2.0 of the Splunk Common Information Model Add-on fixes the following issues:

Resolved date Defect number Description
02/20/15 CIM-247 Field "icmp_type" in Network Traffic data model should be a number, not a string.
02/20/15 CIM-272 Command datamodelinfo should indicate that it only returns results for accelerated models.
02/20/15 CIM-251 Field "time_submitted" in Ticket Management data model should be a time, not a string.
02/19/15 CIM-248 Field "file_size" in Change Analysis data model should be a number, not a string.
02/19/15 CIM-252 Field "entry" for Network Resolution data model is not needed and should be removed.
02/27/15 CIM-278 Malware src field is missing.

Known issues

Version 4.2.0 of the Splunk Common Information Model Add-on has the following known issues:

Date Defect number Description
10/24/14 CIM-238 BaseEvent object hierarchy makes accelerated search unwieldy.
10/03/14 CIM-221 In Ticket Management, field "dest" should be used for the machine that the ticket concerns.
10/03/14 CIM-221 Field extraction should avoid variable keys whenever possible.
10/03/14 CIM-220 Event types should avoid KV whenever possible.
07/07/14 CIM-169 Remote search log warning messages from acceleration due to long search strings. Workaround: turn off truncation on indexers in etc/system/local/props.conf as shown:

[splunkd_remote_searches]
TRUNCATE = 0

10/11/13 CIM-85 Inconsistent use of url and uri in Web data model fields.

Third-party software attributions

Version 4.2.0 of the Splunk Common Information Model Add-on does not incorporate any third-party software or libraries.

Last modified on 05 October, 2015

This documentation applies to the following versions of Splunk® Common Information Model Add-on: 4.2.0

