All Apps and Add-ons

CIM Add-On or Application, which one is it?


Why do so many people call the CIM Add-On an application? From everything that I learned so far wouldn't it just be considered an Add-On instead of an application? I need to understand this for testing purposes.

Labels (1)
0 Karma

Loves-to-Learn Lots

The Splunk Common Information Model (CIM) Add-On is often referred to as an application because it provides functionality beyond that of a typical add-on. While the CIM Add-On does function as an add-on in that it extends the capabilities of Splunk, it also provides pre-built dashboards, reports, and field extractions that are typically associated with applications.

The CIM Add-On is specifically designed to help users implement the CIM, which is a standard data model that enables users to normalize their data and correlate events across different data sources. As such, the CIM Add-On provides a set of pre-configured field extractions and tags that map to the CIM, making it easier for users to normalize their data.

In addition, the CIM Add-On also includes pre-built dashboards and reports that provide insights into security, network, and other operational data, which are features typically associated with applications.

Overall, while the CIM Add-On is technically an add-on, it is often referred to as an application because it provides a more comprehensive set of features and functionality than a typical add-on. Understanding this distinction may be important for testing purposes, particularly if you need to understand how the CIM Add-On interacts with other add-ons or applications in your Splunk environment.

0 Karma

Ultra Champion

The naming depends on the context.

From the Splunk "internals" point of view, an app is just a bunch of files packed together and a namespace in which those are placed. So anything you download from splunkbase or buld yourself is an app. Splunk also comes with several built-in apps like "search".

The other perspective is the traditional distinction between an "Add-On" which provides the "backend" functionality like inputs definition, extractions, calculated fields, aliases and so on and so on. And "Apps" which contain the user-facing components like reports and dashboards. But that's just a convention which is not always kept, especially by independent authors.

0 Karma
Get Updates on the Splunk Community!

Build Scalable Security While Moving to Cloud - Guide From Clayton Homes

 Clayton Homes faced the increased challenge of strengthening their security posture as they went through ...

Mission Control | Explore the latest release of Splunk Mission Control (2.3)

We’re happy to announce the release of Mission Control 2.3 which includes several new and exciting features ...

Cloud Platform | Migrating your Splunk Cloud deployment to Python 3.7

Python 2.7, the last release of Python 2, reached End of Life back on January 1, 2020. As part of our larger ...