Splunk® Common Information Model Add-on

Common Information Model Add-on Manual

This documentation does not apply to the most recent version of Splunk® Common Information Model Add-on. For documentation on the most recent version, go to the latest release.

Release notes for the Splunk Common Information Model Add-on

New features

Version 4.5.0 of the Splunk Common Information Model Add-on includes the following new features:

Issue number   Description
CIM-352        Change the summary range for data model accelerations using CIM setup.
CIM-323        Extend the Malware data model with vector-url and vector-sender fields.
CIM-96         Add a data model for Data Loss Prevention use cases.
SOLNESS-8156   Extend the Splunk Audit Logs data model for modular alert auditing.
SOLNESS-9309   Add the index definition cim_modactions for use with the common action model alerts and auditing.

Fixed issues

This version of the Splunk Common Information Model Add-on fixes the following issues:

Defect number   Description
CIM-307         Improper call to addCellRenderer and render from predictive_analytics.js.

Known issues

This version of the Splunk Common Information Model Add-on has the following known issues:

Date         Defect number         Description
2014-10-24   CIM-238               BaseEvent object hierarchy makes accelerated search unwieldy. Workaround: Update to Splunk Enterprise 6.3 or later.
2014-10-10   CIM-226               In Ticket Management, field "dest" should be used for the machine that the ticket concerns.
2014-07-07   CIM-169 / SPL-92488   Remote search log warning messages from acceleration due to long search strings. Workaround: turn off truncation on indexers in etc/system/local/props.conf as shown:

    [splunkd_remote_searches]
    TRUNCATE = 0

2013-10-11   CIM-85                Inconsistent use of url and uri in Web data model fields.

Deprecated features

  • The index definition cim_summary is deprecated and is only used to support backward compatibility with upgraded versions of Enterprise Security. The index definition will be removed in a future release.

Third-party software attributions

The Splunk Common Information Model Add-on does not incorporate any third-party software or libraries.

Last modified on 13 June, 2016

This documentation applies to the following versions of Splunk® Common Information Model Add-on: 4.5.0

