Release notes for the Splunk Common Information Model Add-on

New features

Version 4.2.0 of the Splunk Common Information Model Add-on includes the following new features:

Resolved date	Issue number	Description
04/10/15	CIM-280	Move Missing Extractions and Untagged Searches to a new data model: CIM Validation (S.o.S.)
02/25/15	CIM-277	Add lookup for corporate web domains.
12/09/14	CIM-268	Convert eventtype_tag_center to Simple XML due to Advanced XML deprecation.

Version 4.2.0 of the Splunk Common Information Model Add-on fixes the following issues:

Resolved date	Defect number	Description
02/20/15	CIM-247	Field "icmp_type" in Network Traffic data model should be a number, not a string.
02/20/15	CIM-272	Command datamodelinfo should indicate that it only returns results for accelerated models.
02/20/15	CIM-251	Field "time_submitted" in Ticket Management data model should be a time, not a string.
02/19/15	CIM-248	Field "file_size" in Change Analysis data model should be a number, not a string.
02/19/15	CIM-252	Field "entry" for Network Resolution data model is not needed and should be removed.
02/27/15	CIM-278	Malware src field is missing.

Version 4.2.0 of the Splunk Common Information Model Add-on has the following known issues:

Date	Defect number	Description
10/24/14	CIM-238	BaseEvent object hierarchy makes accelerated search unwieldy.
10/03/14	CIM-221	In Ticket Management, field "dest" should be used for the machine that the ticket concerns.
10/03/14	CIM-221	Field extraction should avoid variable keys whenever possible.
10/03/14	CIM-220	Event types should avoid KV whenever possible.
07/07/14	CIM-169	Remote search log warning messages from acceleration due to long search strings. Workaround: turn off truncation on indexers in `etc/system/local/props.conf` as shown: `[splunkd_remote_searches]` `TRUNCATE = 0`
10/11/13	CIM-85	Inconsistent use of url and uri in Web data model fields.

Version 4.2.0 of the Splunk Common Information Model Add-on does not incorporate any third-party software or libraries.