Hi All,
We have a scripted input, which indexes JSON data into Splunk, and using SPATH we have been writing our correlation rules. Now that we have Splunk ES, we would like to map JSON data to CIM in S...
Below are the CIM macros that I am using, and there are different indexes mapped in the individual macros. I want to get the list of all indexes mapped in all the CIM macros. Hence I did a scheduled s...
Hi all. I'm trying to understand how to map my diagnostic setting AAD data coming in from an mscs:azure:eventhub sourcetype to CIM. I notice in the official docs for the TA, it m...
Hi, I'm doing CIM mapping and the data I have is from Dynatrace. It's JSON format.
I had to do Field Extraction to get a field that would map to the action field in the Authentication Data Model....
How do we map the same field in CIM mapping to different models? -- Example: from the same sourcetype, data is coming in as field1 -- map to Inventory model 'dest' field; field2 -- map to Alert model 'dest' field
I have an environment with a large number of sourcetypes and would like to map those to the appropriate CIM data model. While I generally know about the Splunk commands pivot and datamodel, their u...
Hello, it looks like Microsoft Graph Security adds all tags to all event types, so it's not correctly CIM mapped. Has anyone filtered events based on alerts data and mapped them to the correct data models?...
Hi guys,
I am in the midst of trying to map the fields in my data to the Splunk authentication CIM. However, I realised that I don't seem able to create a field alias on lookup output fields (eg....
Hello,
I was curious to see if there are any best practices for mapping to CIM data models. More specifically, I'm looking for some guidelines on when (not) to map a certain field to a datamodel....