The Splunk Common Information Model (CIM) is a collection of data models that apply a common structure
and naming convention to data from any source. A data model is a type of knowledge object that defines the
structure and relationships of fields in a dataset. A data model can have one or more datasets, which are
subsets of the data model that represent different aspects of the data. For example, the Network Traffic data
model has datasets such as All Traffic, DNS, HTTP, etc. The CIM contains 28 pre-configured data models that
cover various domains such as authentication, network traffic, web, email, etc. The CIM is implemented as an
add-on that contains the JSON files for the data models, documentation, and tools that support the consistent,
normalized treatment of data for maximum efficiency at search time23
1: Splunk Core Certified Power User Track, page 10. 2: Splunk Documentation, Overview of the Splunk
Common Information Model 1. 3: Splunkbase, Splunk Common Information Model (CIM) 2.

Reference:
https://docs.splunk.com/Documentation/PCI/4.1.0/Install/PrivilegedUserActivity

The correct format for naming a macro with multiple arguments is monthly_sales3. The square brackets
indicate that the macro has arguments, and the number indicates how many arguments it has. The arguments
are separated by commas when calling the macro, such as monthly_sales[region,salesperson,date].