Other Usage
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

cim vladiator % DM coverage

dm2
Explorer
‎02-06-2024 01:21 AM

Hi, 

I installed SA_CIM_Vladiator and when running % checks to see DM coverage I do see gaps between extracted fields or fields that are found on specific indexes and the app does not return them in the results

dm2_0-1707210588459.pngdm2_1-1707210607811.png

 

 

 

0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎01-30-2026 08:10 AM

Remember that not all of events from a particular index must match your datamodel.

A datamodel definition specifies constraints which events must meet in order to be a part of the root dataset. In case of CIM datamodels this is based on tags. In case of Intrusion Detection datamodel you need two tags for your event - ids and attack. So if you want to check the coverage for the raw data, you need to search for those two tags.

index=whatever_index_you're_using tag=ids tag=attack
0 Karma
Reply

dm2
Explorer
‎02-06-2024 01:43 AM

yes, if I run a search index=imperva I do see all the fields

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎02-06-2024 03:12 AM

Hi @dm2,

if you run this search in the SA-CIM_vladiator app, do you see fields?

if not (as I understood) you have to share them at Global level.

The app leval shared fields are visible only inside the app where they are created.

Ciao.

Giuseppe

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎02-06-2024 01:40 AM

Hi @dm2,

are these fields shared at app or Global level?

they must be at Global level to be viewed in this ad in the other apps.

Ciao.

Giuseppe

0 Karma
Reply

splunkreal
Influencer
‎01-30-2026 05:55 AM

Hi @gcusello  same issue here but we can't share all fields globally just for cim vladiator, is there any solution? 

Thanks!

* If this helps, please upvote or accept solution if it solved *
Tags (1)
0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...