All Apps and Add-ons

Splunk CIM Add-on 4.2.0: The docs state the Web object should be tagged by "WEB", but why is the Web root constrained with sourcetype=iis* in the data model?

kundeng
Path Finder

In the 4.2.0 version of the Common Information Model Add-on Manual, it states clearly the Web object name should be tagged by "web". However, in the actual data model downloaded from splunkbase, the Web root is constrained with sourcetype=iis*. Is this a bug or am I missing something?

0 Karma

jcoates_splunk
Splunk Employee
Splunk Employee

I think you must be seeing some locally applied constraint -- there's nothing like that out of the box.

dflodstrom
Builder

Where do you see the constraint 'sourcetype=iis*'.

I am using the latest version of CIM and my top level constraint is 'tag=web'.

0 Karma

kundeng
Path Finder

That is strange. I have the latest version which is Version 4.2.0.

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) v3.54.0

The Splunk Threat Research Team (STRT) recently released Enterprise Security Content Update (ESCU) v3.54.0 and ...

Using Machine Learning for Hunting Security Threats

WATCH NOW Seeing the exponential hike in global cyber threat spectrum, organizations are now striving more for ...

New Learning Videos on Topics Most Requested by You! Plus This Month’s New Splunk ...

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...