Solved: Splunk ES and CIM compatibility for upgrade?

spectrum2035 · ‎06-11-2019

Hello,

We would like to use the latest CIM version (4.13.0) in order to use the Endpoint datamodel which is not available in the earlier CIM version.

Our Splunk ES is on 5.1.0 with CIM (4.11.0).

If I upgrade CIM without upgrading the Splunk ES, will that be an issue?

amitm05 · ‎06-11-2019

I think your CIM compatibility has to be with Splunk Versions which needs to be 7.2 OR 7.1 for CIM 4.13.

And then your ES App also has to be compatible with Splunk Versions which in your case is -
5.1 (ES) which goes with 7.1 OR 7.2.

So, your CIM and ES App would be compatible to each other.
You can refer the compatible versions of CIM, ES App and Splunk from here -
https://splunkbase.splunk.com/app/263/

Please accept as answer if this responds to your query, Thanks.

View solution in original post

pellegrini · ‎05-31-2022

The release note of ES lists the preferred CIM version. For ES there is no longer any info about supported CIM versions in Splunkbase.

https://docs.splunk.com/Documentation/ES/7.0.1/RN/Enhancements#Updated_add-ons

amitm05 · ‎06-11-2019

I think your CIM compatibility has to be with Splunk Versions which needs to be 7.2 OR 7.1 for CIM 4.13.

And then your ES App also has to be compatible with Splunk Versions which in your case is -
5.1 (ES) which goes with 7.1 OR 7.2.

So, your CIM and ES App would be compatible to each other.
You can refer the compatible versions of CIM, ES App and Splunk from here -
https://splunkbase.splunk.com/app/263/

Please accept as answer if this responds to your query, Thanks.

spectrum2035 · ‎06-12-2019

Thanks amitm05

Splunk ES and CIM compatibility for upgrade?

upgrade

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer at Splunk .conf24 ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Combine Multiline Logs into a Single Event with SOCK: a Step-by-Step Guide for ...