Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
13 results
Sorted by:
01-04-2021
05:01 AM
After accelerating the CIM Validation (S.o.S.) DM and upon checking the pivot for any of the datasets results in an error. Example below: Datamodel 'Splunk_CIM_Validation.Authentication...
Labels
- Labels:
-
troubleshooting
03-03-2021
05:18 AM
We want to validate CIM mapping that we performed...but I am unable to find "ENDPOINT" & "DATA LOSS PREVENTION" Datasets in following location Setting>Data Model>CIM Validation (S.o.S)
Labels
- Labels:
-
configuration
11-26-2020
11:06 PM
Can you please suggest CIM mapping and what Data model we can use for canary app. https://splunkbase.splunk.com/app/3980/ https://splunkbase.splunk.com/app/3981/
Labels
- Labels:
-
development
06-06-2018
11:17 AM
Within Splunk ES, I have two tags applied based on Event types and cannot for the life of me get it to apply when attempting to validate the data model and the data. Of all things, the only field n...
11-12-2019
09:41 PM
Hi Friends,
I am using SPLUNK ES 5.3.1 version.I am trying to validate the existing datamodels(Total 32 including cim validation s.o.s) and finding answers for the points mentioned below:
W...
10-22-2019
08:54 AM
1 Karma
The cim validator shows the signature field as a recommended field for the Authentication datamodel while the following query doesn't -
| rest splunk_server=local count=0 /services/data/models/A...
- Tags:
- enterprise-security
06-21-2016
12:03 AM
What is the meaning of "event coverage less than 90 %"? When the CIM data model tried to validate it threw this statement. How can I resolve it?
Refer the screenshot below:
11-16-2016
04:56 PM
Hi,
I created an add-on using the Splunk Add-on Builder which pulls data from an API and maps it to the CIM, and I can't get the App Pre-certification validation to work. I've checked and double c...
01-03-2017
12:23 PM
I'm using the Splunk CIM Validator app to validate that data is flowing into my Splunk Enterprise Security data models correctly. For a number of the data models, the app shows 0% compliance b...
04-11-2019
11:55 AM
We are using ES with a datamodel that has the base constraint:
(`cim_Malware_indexes`) tag=malware tag=attack
This drives correlation searches like: Endpoint - Recurring Malware I...
