Splunk Enterprise Security

Endpoint Data Model doesn't exist



We're using splunk Enterprise Security V5.1.0. When i search in data models list, i can't find "Endpoint" data model. But there are a lot of correlation searches using this data model.

I know that "Application State" data model is deprycated and "Endpoint" data model is used instead.

Could you please correct my understanding?

Labels (1)


Upgrade the CIM add-on to version 4.12 or newer.

If this reply helps you, Karma would be appreciated.
Get Updates on the Splunk Community!

Observability | How to Think About Instrumentation Overhead (White Paper)

Novice observability practitioners are often overly obsessed with performance. They might approach ...

Cloud Platform | Get Resiliency in the Cloud Event (Register Now!)

IDC Report: Enterprises Gain Higher Efficiency and Resiliency With Migration to Cloud  Today many enterprises ...

The Great Resilience Quest: 10th Leaderboard Update

The tenth leaderboard update (11.23-12.05) for The Great Resilience Quest is out >> As our brave ...