https://community.splunk.com/t5/Splunk-Dev/Best-CIM-data-Model-for-User-Activities-Data/m-p/508321#M9082 <P>I'm trying to apply CIM model on User activity data. E.g.&nbsp;Session Activities,Process Activities,Network Activities</P><P>&nbsp;</P><P>Which data model ( CIM ) best fit for this type of data ?&nbsp;</P><P>&nbsp;</P><P>P.S. I find Endpoint Data Model useful. is it correct data model ?</P> Thu, 09 Jul 2020 14:32:43 GMT manan_amin 2020-07-09T14:32:43Z https://community.splunk.com/t5/Splunk-Dev/Best-CIM-data-Model-for-User-Activities-Data/m-p/508321#M9082 <P>I'm trying to apply CIM model on User activity data. E.g.&nbsp;Session Activities,Process Activities,Network Activities</P><P>&nbsp;</P><P>Which data model ( CIM ) best fit for this type of data ?&nbsp;</P><P>&nbsp;</P><P>P.S. I find Endpoint Data Model useful. is it correct data model ?</P> Thu, 09 Jul 2020 14:32:43 GMT https://community.splunk.com/t5/Splunk-Dev/Best-CIM-data-Model-for-User-Activities-Data/m-p/508321#M9082 manan_amin 2020-07-09T14:32:43Z https://community.splunk.com/t5/Splunk-Dev/Best-CIM-data-Model-for-User-Activities-Data/m-p/508350#M9083 IMO, the events you describe are covered by separate data models. Authentication, Network Session, Endpoint, etc. Use the model that contains the events you need for the use case. It's possible to use more than one data model in a search. Thu, 09 Jul 2020 16:52:58 GMT https://community.splunk.com/t5/Splunk-Dev/Best-CIM-data-Model-for-User-Activities-Data/m-p/508350#M9083 richgalloway 2020-07-09T16:52:58Z