The correct answer is:
✅ C. Configure event types that reference the appropriate tags.
⸻
✅ Explanation:
To normalize data using the Splunk Common Information Model (CIM) Add-On, the key requirement is to tag events correctly, because CIM relies on:
• Event types to identify and group relevant data.
• Tags (such as authentication, email, web, etc.) that are associated with CIM data models.
So, you need to create event types that match your data and assign the correct tags to those event types, allowing CIM to map your data to the appropriate data model.
To normalize data using the Splunk Common Information Model (CIM) Add-On, you need to ensure that the data being ingested has the correct sourcetypes configured. This helps the CIM to properly map the data to its predefined field names and structures. Once the sourcetypes are correctly set, the CIM can apply normalization and ensure that the data fits into the CIM schema.
2dd1c50
1 week, 1 day ago
Ahsan90
4 months, 1 week ago
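The event type and tag relationship discussed in this thread can be checked offline. The script below is an added example, not part of any comment above: it parses an `eventtypes.conf` and a `tags.conf` and reports event types with no enabled tag, plus tag stanzas that point at event types that do not exist. The `acme_*` event types, sourcetypes and searches are constructed sample data.

```python
import configparser

# Constructed sample configs (not from the page); all names are hypothetical.
EVENTTYPES_CONF = """
[acme_vpn_login]
search = sourcetype=acme:vpn (action=success OR action=failure)

[acme_proxy_request]
search = sourcetype=acme:proxy

[acme_mail_delivery]
search = sourcetype=acme:mail
"""

TAGS_CONF = """
[eventtype=acme_vpn_login]
authentication = enabled

[eventtype=acme_proxy_request]
web = disabled

[eventtype=acme_old_firewall]
network = enabled
"""

def _parse(text):
    # Split only on "=" so values such as sourcetype=acme:vpn stay intact.
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.read_string(text)
    return cp

def audit(eventtypes_text, tags_text):
    """Return (enabled tags per event type, untagged event types, orphan tag stanzas)."""
    eventtypes = set(_parse(eventtypes_text).sections())
    tags = _parse(tags_text)
    enabled = {name: set() for name in eventtypes}
    orphans = []
    for stanza in tags.sections():
        kind, _, name = stanza.partition("=")
        if kind != "eventtype":
            continue  # tags.conf can also tag field=value pairs; skipped here
        if name not in eventtypes:
            orphans.append(name)  # tag stanza for an event type that is not defined
            continue
        enabled[name] = {t for t, v in tags[stanza].items() if v.strip() == "enabled"}
    untagged = sorted(n for n, t in enabled.items() if not t)
    return enabled, untagged, sorted(orphans)

if __name__ == "__main__":
    enabled, untagged, orphans = audit(EVENTTYPES_CONF, TAGS_CONF)
    print("no enabled tag:", untagged)
    print("tag stanza without event type:", orphans)
```

An event type listed as having no enabled tag will not match a search that is constrained on that tag, which is the gap the thread's answer is about.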