Splunk® Common Information Model Add-on

Common Information Model Add-on Manual

This documentation does not apply to the most recent version of Splunk® Common Information Model Add-on. For documentation on the most recent version, go to the latest release.

Install the Splunk Common Information Model Add-on

  1. Download the Common Information Model add-on from Splunkbase at https://apps.splunk.com/app/1621/.
  2. Review the indexes defined in CIM.
    1. The previously deprecated cim_summary index definition is now removed. If you have a custom configuration for this in your local indexes.conf file, it will persist as-defined.
      1. If you are no longer using this index definition, remove the stanza from your local indexes.conf file before installation.
      2. If you are still using it, you will need to revise the stanza if you were previously relying on parts of the deprecated default cim_summary index definition.
    2. The cim_modactions index definition is used with the common action model alerts and auditing. Make sure that the index exists and assign the appropriate Roles to search the index.
  3. Install the Splunk Common Information Model Add-on to your search heads only.

    Refer to Installing add-ons for detailed instructions describing how to install a Splunk add-on in the following deployment scenarios:

Next: See Set up the Splunk Common Information Model Add-on to perform optional configurations to improve performance.

Last modified on 08 July, 2021
Overview of the Splunk Common Information Model   Set up the Splunk Common Information Model Add-on

This documentation applies to the following versions of Splunk® Common Information Model Add-on: 4.11.0, 4.12.0, 4.13.0, 4.14.0, 4.15.0, 4.16.0, 4.17.0, 4.18.0, 4.18.1, 4.19.0, 4.20.0, 4.20.2


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters