Release notes for the Splunk Common Information Model Add-on
Version 4.20.2 of the Splunk Common Information Model Add-on was released on September 15, 2021.
New features
Version 4.20.2 of the Splunk Common Information Model Add-on includes no new features.
Upgrade requirements
| Splunk platform version | Upgrade activity |
|---|---|
| 8.0.x or later | If you apply custom tags to data mapped to CIM data models and you use these tags in searches and search filters, add these tags to the whitelists for those models. See Set up the Splunk Common Information Model Add-on for details about the tags whitelist field. |
Compatibility
Version 4.20.x of the Splunk Common Information Model Add-on requires Splunk platform version 8.0.x or later. Some workarounds, such as the datamodels spec workaround for tags_whitelist and poll_buckets, are no longer available in version 7.0.x and later. This might lead to btool check warnings at startup.
Fixed issues
This version of the Splunk Common Information Model Add-on fixes the following issues. If this section is empty, this release has no reported fixed issues.
Known issues
This version of the Splunk Common Information Model Add-on has the following reported known issues. If this section is empty, this release has no reported known issues.
| Date filed | Issue number | Description |
|---|---|---|
| 2022-08-31 | CIM-1108 | Adaptive Response relay errors occur when polling a Splunk Cloud search head cluster that is configured with the Spunk_SA_CIM modular action worker. Workaround: Following two options are available to resolve the errors: Option 1: Configure the search head cluster. This is a quick solution but might cause false positive errors.
Option 2: Enhancements to Splunk_SA_CIM: |
| 2022-06-29 | CIM-1099 | ES SOAR adaptive response actions not working. |
| 2022-03-16 | CIM-1087 | The Change.json data model includes incorrect constraint searches. |
| 2022-01-25 | CIM-1081 | Update "recommended" field for Change.user_name, Change.src_user_name, and Alerts.user_name. |
| 2021-07-02 | CIM-1040 | CIM 4.20.0 Setup link returns 404 Workaround: Access the setup page directly by going to https://<URL of your Splunk deployment>/en-US/app/search/cim_setup |
Deprecated or removed features
The following are deprecated or removed features for the last seven versions.
As of version 4.20.2:
- N/A
As of version 4.20.0:
- N/A
As of version 4.19.0:
- N/A
As of version 4.18.0:
- The
bodyfield is deprecated in favor of thedescriptionfield in the Alerts data model and will be removed in a future version. - The
subjectfield is deprecated in favor of thesignaturefield in the Alerts data model and will be removed in a future version.
As of version 4.15.0:
- The Predictive Analytics dashboard is removed in favor of Machine Learning Toolkit functionality.
As of version 4.14.0:
- The Predictive Analytics dashboard is deprecated in favor of Machine Learning Toolkit functionality and will be removed in a future version.
As of version 4.13.0:
- N/A
Third-party software attributions
The Splunk Common Information Model Add-on does not incorporate any third-party software or libraries.
| Set up the Splunk Common Information Model Add-on | Support and resource links for the Splunk Common Information Model Add-on |
This documentation applies to the following versions of Splunk® Common Information Model Add-on: 4.20.2
Download manual
Feedback submitted, thanks!