Skip to main content
Question

We want to CIM the fields, is there a way to do it?

  • March 11, 2025
  • 3 replies
  • 23 views
T

Hi TeamI hope you are doing well.We have been using Cribl to transform all our logs before they hit Splunk. We want to CIM the fields. Is there a way to do it?Thank you so much

    3 replies

    Jon Rust
    Forum|alt.badge.img
    • Jon Rust
    • Employee
    • March 11, 2025

    For sure. Cribl gives you complete control rename fields and/or move data around. It is not an easy button tho. You'll need to know your data and how it maps into CIM.I put together an example of this sort of thing in the Cisco ASA https://packs.cribl.io|pack

    Raanan Dagan
    • Raanan Dagan
    • Employee
    • March 11, 2025

    Another good example is this pack:https://packs.cribl.io/ -> AWS VPC Flow for Security Teams

    T
    • Taylor Mill
    • Author
    • Employee
    • March 11, 2025

    Thank you so much.

    Terms & ConditionsAccessibility statement