All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

CIM: is it a problem if own events do not include ALL CIM fields or include MORE than the pre-defined CIM fields?

DrFedtke
Explorer
‎11-26-2017 10:47 PM

hi,

we would like to create events in the CIM format, such as for authentication.
before starting we would like to clarify the impact to other application
(using such events for any analyses) if our events

  • will not include ALL fields of the CIM standard model
  • will include also other fields that are not part of the CIM standard

is there any CIM data health checker?

best
stephen

0 Karma
Reply

hardikJsheth
Motivator
‎11-27-2017 04:13 AM

To answer your questions

  • It's not mandatory that event should contain all the fields as defined in data model.
  • It can have additional fields.

The event will be categorised particular data model if it meets the base criteria. i.e For authentication all the events matching following SPL will be part of authentication data model.

tag=authentication
0 Karma
Reply

HiroshiSatoh
Champion
‎11-26-2017 11:13 PM

How's this?

SA-cim_validator
https://splunkbase.splunk.com/app/2968/

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...

Wondering How to Build Resiliency in the Cloud?

IT leaders are choosing Splunk Cloud as an ideal cloud transformation platform to drive business resilience,  ...

Updated Data Management and AWS GDI Inventory in Splunk Observability

We’re making some changes to Data Management and Infrastructure Inventory for AWS. The Data Management page, ...