Hi,
We would like to create events in the CIM format, such as for authentication.
Before starting, we would like to clarify the impact on other applications
(using such events for any analyses) if our events
Is there any CIM data health checker?
Best,
Stephen
To answer your questions:
An event will be categorised into a particular data model if it meets the base criteria, i.e. for authentication, all events matching the following SPL will be part of the Authentication data model.
tag=authentication
How's this?
SA-cim_validator
https://splunkbase.splunk.com/app/2968/
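
The tag=authentication criterion from the first answer, shown as an added configuration sketch (not from either poster): an event type selects the events, a tag attaches authentication to that event type, and props.conf maps raw fields to CIM Authentication field names. The sourcetype myapp:auth, the stanza names and the raw field names (event_type, username, client_ip, host_name, result) are constructed assumptions.

```ini
# --- eventtypes.conf ---
# Select only the events that really are logon attempts.
# "myapp:auth" and event_type="login" are constructed placeholders.
[myapp_authentication]
search = sourcetype="myapp:auth" event_type="login"

# --- tags.conf ---
# Once this tag is enabled, the events match tag=authentication and
# are returned by every search that filters on that tag.
[eventtype=myapp_authentication]
authentication = enabled

# --- props.conf ---
# Search-time mapping of the constructed raw fields to the CIM
# Authentication field names (user, src, dest, action, app).
[myapp:auth]
FIELDALIAS-myapp_auth_user = username AS user
FIELDALIAS-myapp_auth_src = client_ip AS src
FIELDALIAS-myapp_auth_dest = host_name AS dest
# Normalise the outcome; anything unmapped stays null so that it is
# visible as a gap instead of being counted as a success or failure.
EVAL-action = case(result=="OK", "success", result=="DENIED", "failure")
EVAL-app = "myapp"
```

Keeping the event type search narrow limits what other apps see: only events matched by it gain the tag, so unrelated events from the same sourcetype stay out of searches that filter on tag=authentication.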