Common information model

vikassanap2011
New Member

Hi,

I developed a Splunk app and add-on to monitor one infrastructure. While filling out the app certification template, I found the term common information model. Can anyone tell me what it is? How should I define this with respect to my app?

0 Karma

mreynov_splunk
Splunk Employee

Common Information Model is an abstraction layer between Splunk data sources and Splunk apps (use cases, dashboards, analytics).
In order to satisfy the CIM mapping requirement, your data needs to be normalized, i.e. fields need to be aliased with CIM-compliant names and your events need to be tagged to be associated with at least one model on this list: http://docs.splunk.com/Documentation/CIM/latest/User/Overview#What_data_models_are_included

Note: Creating your own data model will not get you CIM compliance.

alacercogitatus
SplunkTrust

The Common Information Model gives a common standard to Splunk data, so that an end-user does not have to know a specific fieldname in custom data. For example, username is mapped to user to be considered CIM compliant.

Read the manual here: http://docs.splunk.com/Documentation/CIM/4.2.0/User/Overview. This gives a great insight into this configuration.
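
As an added illustration (not posted by anyone in this thread), this is how the aliasing and tagging described in the two answers above might look in an add-on's configuration for the CIM Authentication data model. The sourcetype `myinfra:auth`, the eventtype name, and the raw field names `username`, `src_ip` and `result` (with values `OK`/`FAIL`) are assumptions standing in for whatever the add-on actually extracts.

```ini
# default/props.conf  (sourcetype and raw field names are hypothetical)
[myinfra:auth]
# Alias the add-on's raw field names to the CIM field names
FIELDALIAS-cim_user = username AS user
FIELDALIAS-cim_src = src_ip AS src
# Normalize the raw result value to the CIM "action" values
EVAL-action = case(result=="OK", "success", result=="FAIL", "failure")

# default/eventtypes.conf
[myinfra_authentication]
# Group the add-on's authentication events so they can be tagged
search = sourcetype="myinfra:auth"

# default/tags.conf
[eventtype=myinfra_authentication]
# The Authentication data model selects events carrying this tag
authentication = enabled
```

With this in place, a search such as `tag=authentication sourcetype="myinfra:auth" | table user src action` should return the normalized fields, which is a quick check before submitting for certification.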

vikassanap2011
New Member

Thanks!
Now, my app is ready.
Do I need to create a data model for it?
Actually, I am not getting what I need to change or add to satisfy the app certification criteria of CIM.

0 Karma