Splunk knowledge management is about maintenance of knowledge objects for a Splunk Enterprise implementation. Below are the main features of knowledge management:
Knowledge Object

It is a Splunk object used to get specific information about your data. When you create a knowledge object, you can keep it private or you can share it with other users. Examples of knowledge objects are saved searches, tags, field extractions, lookups, etc.

Uses of Knowledge Objects

As the Splunk software is used, knowledge objects are created and saved. But they may contain duplicate information, or they may not be used effectively by all the intended audience. To address such issues, we need to manage these objects. This is done by classifying them properly and then using proper permission management to handle them. Below are the uses and classification of various knowledge objects:

Fields and field extractions

Fields and field extractions are the first layer of Splunk software knowledge. The fields automatically extracted by the Splunk software from the IT data help bring meaning to the raw data. The manually extracted fields expand and improve upon this layer of meaning.

Event types and transactions

Use event types and transactions to group together interesting sets of similar events. Event types group together sets of events discovered through searches. Transactions are collections of conceptually related events that span time.

Lookups and workflow actions

Lookups and workflow actions are categories of knowledge objects that extend the usefulness of your data in various ways. Field lookups enable you to add fields to your data from external data sources such as static tables (CSV files) or Python-based commands. Workflow actions enable interactions between fields in your data and other applications or web resources, such as a WHOIS lookup on a field containing an IP address.

Tags and aliases

Tags and aliases are used to manage and normalize sets of field information. You can use tags and aliases to group sets of related field values together, and to give extracted fields tags that reflect different aspects of their identity.
For example, you can group events from a set of hosts in a particular location (such as a building or city) together by giving the same tag to each host. If you have two different sources using different field names to refer to the same data, then you can normalize your data by using aliases (by aliasing clientip to ipaddress, for example).

Data models

Data models are representations of one or more datasets, and they drive the Pivot tool, enabling Pivot users to quickly generate useful tables, complex visualizations, and robust reports without needing to interact with the Splunk software search language. Data models are designed by knowledge managers who fully understand the format and semantics of their indexed data. A typical data model makes use of other knowledge object types. We will discuss some of the examples of these knowledge objects in the subsequent chapters.

Who can share knowledge objects in Splunk?

Basically, if you're using Splunk, you're using one very large knowledge object. With those knowledge objects, you can share them with other Splunk users, and include tags, events, reports, and alerts to organize and maintain your data. There are several types of knowledge objects.
What are the types of roles in Splunk?

The predefined roles are:

admin: This role has the most capabilities.
power: This role can edit all shared objects and alerts, tag events, and other similar tasks.
user: This role can create and edit its own saved searches, run searches, edit preferences, create and edit event types, and other similar tasks.
Which knowledge objects can be scheduled to execute at specific times in Splunk?

These knowledge objects include extracted fields, calculated fields, lookup fields, field aliases, tags, and event types. Splunk software performs these operations in a specific sequence.
When a user has left your organization, what happens to their knowledge objects in Splunk?

When a knowledge object owner leaves a department or company and their Splunk account is deactivated, the knowledge objects that they owned remain in the system. These are orphaned knowledge objects.
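
One way to audit for orphaned knowledge objects, as an added example that is not part of the original page: the script reads the per-object owner and export settings that Splunk keeps in an app's metadata/local.meta file and lists objects whose owner is no longer an active account, noting which of them are shared globally. The sample file contents, the user names and the find_orphans helper are constructed for illustration.

```python
import configparser
from urllib.parse import unquote

# Constructed sample of an app's metadata/local.meta (not from a real deployment).
SAMPLE_LOCAL_META = """\
[savedsearches/Failed%20logins%20by%20host]
owner = dave
access = read : [ * ], write : [ admin, power ]
export = system

[tags/host%3Dweb01]
owner = bob
access = read : [ * ], write : [ admin ]
export = none

[props/access_combined/FIELDALIAS-ip]
owner = carol
access = read : [ user ], write : [ admin ]
export = none

[lookups/assets.csv]
owner = nobody
access = read : [ * ], write : [ admin ]
export = system
"""

# Assumed set of accounts that are still active (constructed).
ACTIVE_USERS = {"carol", "admin"}


def find_orphans(meta_text, active_users):
    """Return (type, name, owner, shared_globally) for objects whose owner is gone."""
    # Only "=" separates key and value; access lines contain ":" inside the value.
    parser = configparser.RawConfigParser(delimiters=("=",))
    parser.read_string(meta_text)
    orphans = []
    for stanza in parser.sections():
        owner = parser.get(stanza, "owner", fallback="nobody").strip()
        # "nobody" marks an object with no individual owner, so it cannot be orphaned.
        if owner == "nobody" or owner in active_users:
            continue
        obj_type, _, name = stanza.partition("/")
        # export = system means the object is visible outside its own app.
        shared = parser.get(stanza, "export", fallback="none").strip() == "system"
        orphans.append((obj_type, unquote(name), owner, shared))
    return orphans
```

Orphaned objects that are also shared globally are the ones to reassign or remove first, since other users and apps can still see them.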