Splunk Enterprise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Help on basic questions about datamodel

jip31
Motivator
‎10-24-2023 11:39 PM

Hello

As far I understand, the Splunk datamodel has two main goals

1)  Data models enable users of Pivot to create compelling reports and dashboards without designing the searches that generate them.  So, the Pivot tool lets to report on a specific data set without the Splunk Search Processing Language 

2) It's possible to refer to the CIM data models to normalize different name of data having the same function

In this case, we need to normalize data by using tags, alias, eventtypes, etc...

  • Alerts
  • Application State
  • Authentication
  • Certificates
  • Databases
  • Data Loss Prevention
  • Email
    Interprocess Messaging
  • Intrusion Detection
  • Inventory
  • Java Virtual Machines
  • Malware
  • Network Resolution (DNS)
  • Network Sessions
  • Network Traffic
  • Performance
  • Ticket Management
  • Updates
  • Vulnerabilities
  • Web

Is it correct? Thanks

Labels (1)
Labels
Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎10-26-2023 05:04 AM

I agree with #1.

As for #2, I believe it's the other way around.  CIM is what makes datamodels work.  Once the data has been normalized to use CIM field names, the tags and eventtypes used by the DMs become effective.

---
If this reply helps you, Karma would be appreciated.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎10-26-2023 05:04 AM

I agree with #1.

As for #2, I believe it's the other way around.  CIM is what makes datamodels work.  Once the data has been normalized to use CIM field names, the tags and eventtypes used by the DMs become effective.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

How to Monitor Google Kubernetes Engine (GKE)

We’ve looked at how to integrate Kubernetes environments with Splunk Observability Cloud, but what about ...

Index This | How can you make 45 using only 4?

October 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

Splunk Education Goes to Washington | Splunk GovSummit 2024

If you’re in the Washington, D.C. area, this is your opportunity to take your career and Splunk skills to the ...