All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Where can I find a list of Splunk Common Information Model (CIM) fields?

HealyManTech
Explorer
‎10-04-2018 06:51 AM

Is there a CIM document that lists the fields for it? I looked in documents but they only really explain it and I haven't found a list of it.

Reply
1 Solution
Solved! Jump to solution
Solution

rpille_splunk
Splunk Employee
Splunk Employee
‎10-04-2018 07:22 AM

The data model reference tables are linked in this table: http://docs.splunk.com/Documentation/CIM/4.11.0/User/Overview#What_data_models_are_included

Is that what you were looking for?

View solution in original post

Reply
Solved! Jump to solution

tomasmoser
Contributor
‎11-25-2020 02:49 PM

A list of all CIM fields (with mapping to corresponding  data model they are used in) are available in CIM documentation since 4.15.0 version:

CIM App documentation -> Data Model -> CIM fields per associated data model

https://docs.splunk.com/Documentation/CIM/4.18.0/User/CIMfields

 

Reply
Solved! Jump to solution

zonistj
Path Finder
‎12-28-2018 02:07 PM

Hello,

I see that you already accepted an answer, but I wanted to inform you of the CIM Validator app. It has a csv lookup table of all of the CIM fields and their data model mappings.

The original app is here:

https://github.com/hire-vladimir/SA-cim_vladiator

I forked it and updated the dictionary to be CIM 4.12.0 (current) compliant:

https://github.com/zoneice/SA-cim_vladiator

Here's a link directly to the csv if you aren't interested in the full app:

https://github.com/zoneice/SA-cim_vladiator/blob/master/lookups/cim_dictionary.csv

Reply
Solved! Jump to solution

harsmarvania57
Ultra Champion
‎10-04-2018 07:26 AM

Hi,

Have you gone through this document http://docs.splunk.com/Documentation/CIM/4.11.0/User/Authentication ? This document is for Authentication datamodel but there are other pages available (Click next page) for other datamodels which shipped with CIM.

Reply
Solved! Jump to solution
Solution

rpille_splunk
Splunk Employee
Splunk Employee
‎10-04-2018 07:22 AM

The data model reference tables are linked in this table: http://docs.splunk.com/Documentation/CIM/4.11.0/User/Overview#What_data_models_are_included

Is that what you were looking for?

Reply
Get Updates on the Splunk Community!

September Community Champions: A Shoutout to Our Contributors!

As we close the books on another fantastic month, we want to take a moment to celebrate the people who are the ...

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...