Splunk CIM Add-on 4.2.0: The docs state the Web ob...

kundeng · ‎04-27-2015

In the 4.2.0 version of the Common Information Model Add-on Manual, it states clearly the Web object name should be tagged by "web". However, in the actual data model downloaded from splunkbase, the Web root is constrained with sourcetype=iis*. Is this a bug or am I missing something?

jcoates_splunk · ‎05-03-2015

I think you must be seeing some locally applied constraint -- there's nothing like that out of the box.

dflodstrom · ‎04-28-2015

Where do you see the constraint 'sourcetype=iis*'.

I am using the latest version of CIM and my top level constraint is 'tag=web'.

kundeng · ‎04-28-2015

That is strange. I have the latest version which is Version 4.2.0.

Splunk CIM Add-on 4.2.0: The docs state the Web object should be tagged by "WEB", but why is the Web root constrained with sourcetype=iis* in the data model?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Index This | What travels the world but is also stuck in place?

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...

Join the Conversation