All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Does the Common Information Model Add-on do anything out of the box?

hopnscotch
Path Finder
‎03-19-2014 06:43 AM

From everything I've read it looks like you just use the definitions in the model for fields and tags to alias or tag you events yourself. What does the add-on do?

0 Karma
Reply

aelliott
Motivator
‎03-19-2014 07:20 AM

Simply provides a standard method of parsing, categorizing, and normalizing data.

http://docs.splunk.com/Documentation/CIM/latest/User/Overview

The add-on is meant as an add-on, not an app. It is not meant to have a UI.
It's pretty powerful to display all your data into common formats. You can then create dashboards with those standard fields without having to re-invent the wheel every time.

There are several "CIM" compliant addons within the splunk apps and addons that some have already formatted popular logs into this format for you:
http://apps.splunk.com/apps/#/search/CIM%20compliant
http://apps.splunk.com/apps/#/search/Common%20Information%20Model
http://apps.splunk.com/apps/#/search/CIMifies

Reply

aelliott
Motivator
‎04-16-2014 11:29 AM

Correct.
The CIM provides normalization for many types of events and provides the data models for the Common Information Models.
In addition you can find other ones in the splunk apps.
Other than those resources, you have to create your own.

0 Karma
Reply

hopnscotch
Path Finder
‎04-16-2014 11:26 AM

I know there are other vendor specific add-ons that actually do the aliasing/normalization. From the answer above it looks like this add-on provides data models.

So any normalization actually needs to be done manually using the fields/tags from the model documentation (other than any vendor specific add-ons you can find).

Do I have that correct?

0 Karma
Reply

hazekamp
Builder
‎03-19-2014 12:20 PM

To build on aelliott's comments above, while this is not an app with a UI, we ship with approx 15 datamodels out of the box that can be used with the search app's Pivot interface. These can also be accelerated to provide a high performance column store that can be queried with "| tstats".

Reply
Get Updates on the Splunk Community!

Customer Experience | Splunk 2024: New Onboarding Resources

In 2023, we were routinely reminded that the digital world is ever-evolving and susceptible to new ...

Celebrate CX Day with Splunk: Take our interactive quiz, join our LinkedIn Live ...

Today and every day, Splunk celebrates the importance of customer experience throughout our product, ...

How to Get Started with Splunk Data Management Pipeline Builders (Edge Processor & ...

If you want to gain full control over your growing data volumes, check out Splunk’s Data Management pipeline ...