Hi all,
I am using Splunk Enterprise Security and having trouble converting the indexes to CIM compliance. One of them is Cloudflare.
The JSON data is being ingested via an AWS S3 bucket, and the visualization works fine on the Cloudflare App. However, the CIM Validator doesn't recognize the events and is unable to be used in Splunk ES.
Has anyone been able to successfully convert these events to be CIM compliant?
Thanks,