All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Does the Common Information Model Add-on do anything out of the box?

hopnscotch
Path Finder
‎03-19-2014 06:43 AM

From everything I've read it looks like you just use the definitions in the model for fields and tags to alias or tag you events yourself. What does the add-on do?

0 Karma
Reply

aelliott
Motivator
‎03-19-2014 07:20 AM

Simply provides a standard method of parsing, categorizing, and normalizing data.

http://docs.splunk.com/Documentation/CIM/latest/User/Overview

The add-on is meant as an add-on, not an app. It is not meant to have a UI.
It's pretty powerful to display all your data into common formats. You can then create dashboards with those standard fields without having to re-invent the wheel every time.

There are several "CIM" compliant addons within the splunk apps and addons that some have already formatted popular logs into this format for you:
http://apps.splunk.com/apps/#/search/CIM%20compliant
http://apps.splunk.com/apps/#/search/Common%20Information%20Model
http://apps.splunk.com/apps/#/search/CIMifies

Reply

aelliott
Motivator
‎04-16-2014 11:29 AM

Correct.
The CIM provides normalization for many types of events and provides the data models for the Common Information Models.
In addition you can find other ones in the splunk apps.
Other than those resources, you have to create your own.

0 Karma
Reply

hopnscotch
Path Finder
‎04-16-2014 11:26 AM

I know there are other vendor specific add-ons that actually do the aliasing/normalization. From the answer above it looks like this add-on provides data models.

So any normalization actually needs to be done manually using the fields/tags from the model documentation (other than any vendor specific add-ons you can find).

Do I have that correct?

0 Karma
Reply

hazekamp
Builder
‎03-19-2014 12:20 PM

To build on aelliott's comments above, while this is not an app with a UI, we ship with approx 15 datamodels out of the box that can be used with the search app's Pivot interface. These can also be accelerated to provide a high performance column store that can be queried with "| tstats".

Reply
Get Updates on the Splunk Community!

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Elevating Digital Service Excellence: The Synergy of Real User Monitoring and Application Performance ...