Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
17 results
Sorted by:
01-04-2021
05:01 AM
After accelerating the CIM Validation (S.o.S.) DM and upon checking the pivot for any of the datasets results in an error. Example below: Datamodel 'Splunk_CIM_Validation.Authentication...
Labels
- Labels:
-
troubleshooting
11-26-2020
11:06 PM
Can you please suggest CIM mapping and what Data model we can use for canary app. https://splunkbase.splunk.com/app/3980/ https://splunkbase.splunk.com/app/3981/
Labels
- Labels:
-
development
03-03-2021
05:18 AM
We want to validate CIM mapping that we performed...but I am unable to find "ENDPOINT" & "DATA LOSS PREVENTION" Datasets in following location Setting>Data Model>CIM Validation (S.o.S)
Labels
- Labels:
-
configuration
06-06-2018
11:17 AM
Within Splunk ES, I have two tags applied based on Event types and cannot for the life of me get it to apply when attempting to validate the data model and the data. Of all things, the only field n...
11-12-2019
09:41 PM
Hi Friends,
I am using SPLUNK ES 5.3.1 version.I am trying to validate the existing datamodels(Total 32 including cim validation s.o.s) and finding answers for the points mentioned below:
W...
05-06-2016
12:38 AM
Hi,
In our application we have data in a specific format. We are converting this data to CIM model (say IntrusionDetection, Malware etc) and then uploading to Splunk.
Now once its get uploaded I...
- Tags:
- splunk-enterprise
10-22-2019
08:54 AM
1 Karma
The cim validator shows the signature field as a recommended field for the Authentication datamodel while the following query doesn't -
| rest splunk_server=local count=0 /services/data/models/A...
- Tags:
- enterprise-security
06-21-2016
12:03 AM
What is the meaning of "event coverage less than 90 %"? When the CIM data model tried to validate it threw this statement. How can I resolve it?
Refer the screenshot below:
11-16-2016
04:56 PM
Hi,
I created an add-on using the Splunk Add-on Builder which pulls data from an API and maps it to the CIM, and I can't get the App Pre-certification validation to work. I've checked and double c...
07-01-2021
05:53 AM
I added iplocation lookup into my CIM data model. I found there's a rare handling when I validate the result by running | from datamodel: SPL The result SPL is like following an i...
- Tags:
- datamodel
- iplocation
Labels
- Labels:
-
using Splunk Enterprise
