Hello,
I read about CIM, saw Splunk Fundamental 2 and read the documentation, but I don’t understand ... how to use CIM and how to work CIM? Help me understand, please.
Thank.
https://docs.splunk.com/Documentation/CIM/4.14.0/User/Overview
http://www.georgestarcher.com/splunk-bringing-in-data-minecraft-the-model-method/
It’s a field naming and in some cases value standardization lexicon.
Extract fields to CIM compliant names -> eventtype key events -> tag eventtypes to the appropriate data models.