×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
alex_mics
Engager
Member since: ‎03-08-2024
‎03-12-2024
Community Statistics
Posts 2
Solutions 0
Karma Given 1
Karma Received 1
Member Since ‎03-08-2024
Activity Feed
View All

Re: Help Needed: SA-cim_validator Returns No Resul...

by in All Apps and Add-ons
‎03-11-2024 03:16 PM
1 Karma
‎03-11-2024 03:16 PM
1 Karma
Thanks for replying Marnall. It is indeed very strange that the CIM Validator does not return any results. Especially since as you mentioned, at the bottom of the page there is a table labelled "Events" that does return results. I do not recall if this issue was present last week, but trying to click on the "Search type" drop down menu and clicking on "datamodel" no longer saves that selection. It is permanently stuck on "_raw". Clicking on all the magnifying glasses of each search, the results are almost always the same: - "Total fields" always returns a count of zero. - The rest all return the data model that I have selected. I've added several screenshots to showing what I see. I hope there will be more suggestions for troubleshooting. No CIM Validation results despite the "Events" table being populated. "Open in Search" result from "Issue Fields" ... View more

Help Needed: SA-cim_validator Returns No Results

by in All Apps and Add-ons
‎03-08-2024 04:11 PM
‎03-08-2024 04:11 PM
Hello Splunk Community, I'm encountering an issue with the SA-cim_validator add-on where it's returning no results, and I'm hoping someone here can help me troubleshoot this further. Here's what I've done so far: Confirmed that the app has read access for all users and write access for admin roles. Checked that the configuration files are correctly set up. Splunk Common Information Model (Splunk_SA_CIM) is installed and up to date. Verified that the indexes and sourcetypes specified in the queries are present and contain data. Reviewed time ranges to include periods with log generation. Ensured that data models are accelerated as needed. Looked through Splunk's internal logs for any errors related to the SA-cim_validator but found nothing. Despite these steps, every time I run a search query within the CIM Validator, such as index=fortigate sourcetype=fortigate_utm, it yields no results, regardless of the indexes or targeted data model or search parameters I use. Does anyone have any insights or suggestions on what else I can check or any known issues with the add-on? Any assistance would be greatly appreciated! Thank you, Alex_Mics ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎03-12-2024 07:35 PM
Karma from
View All
Karma given to
View All