Which roles are required to share knowledge objects?

Splunk knowledge management is about maintenance of knowledge objects for a Splunk Enterprise implementation.

Below are the main features of knowledge management:

  • Ensure that knowledge objects are being shared and used by the right groups of people in the organization.

  • Normalize event data by implementing knowledge object naming conventions and retiring duplicate or obsolete objects.

  • Oversee strategies for improved search and pivot performance (report acceleration, data model acceleration, summary indexing, batch mode search).

  • Build data models for Pivot users.

Knowledge Object

A knowledge object is a Splunk object used to get specific information about your data. When you create a knowledge object, you can keep it private or you can share it with other users. Examples of knowledge objects are saved searches, tags, field extractions, lookups, etc.

Uses of Knowledge Objects

As you use the Splunk software, knowledge objects are created and saved. However, they may contain duplicate information, or they may not be used effectively by the whole intended audience. To address such issues, we need to manage these objects. This is done by classifying them properly and then using proper permission management to handle them. Below are the uses and classification of various knowledge objects:

Fields and field extractions

Fields and field extractions are the first layer of Splunk software knowledge. The fields that the Splunk software automatically extracts from IT data help bring meaning to the raw data. The manually extracted fields expand and improve upon this layer of meaning.

Event types and transactions

Use event types and transactions to group together interesting sets of similar events. Event types group together sets of events discovered through searches. Transactions are collections of conceptually-related events that span time.

Lookups and workflow actions

Lookups and workflow actions are categories of knowledge objects that extend the usefulness of your data in various ways. Field lookups enable you to add fields to your data from external data sources such as static tables (CSV files) or Python-based commands. Workflow actions enable interactions between fields in your data and other applications or web resources, such as a WHOIS lookup on a field containing an IP address.

Tags and aliases

Tags and aliases are used to manage and normalize sets of field information. You can use tags and aliases to group sets of related field values together, and to give extracted fields tags that reflect different aspects of their identity. For example, you can group events from a set of hosts in a particular location (such as a building or city) together by giving the same tag to each host.

If you have two different sources using different field names to refer to the same data, then you can normalize your data by using aliases (by aliasing clientip to ipaddress, for example).

Data models

Data models are representations of one or more datasets, and they drive the Pivot tool, enabling Pivot users to quickly generate useful tables, complex visualizations, and robust reports without needing to interact with the Splunk software search language. Data models are designed by knowledge managers who fully understand the format and semantics of their indexed data. A typical data model makes use of other knowledge object types.

We will discuss some of the examples of these knowledge objects in the subsequent chapters.

Who can share knowledge objects in Splunk?

Basically, if you're using Splunk, you're using one very large knowledge object. You can share those knowledge objects with other Splunk users, and include tags, events, reports, and alerts to organize and maintain your data. There are several types of knowledge objects.

What are the types of roles in Splunk?

The predefined roles are:

  • admin: This role has the most capabilities.

  • power: This role can edit all shared objects and alerts, tag events, and other similar tasks.

  • user: This role can create and edit its own saved searches, run searches, edit preferences, create and edit event types, and other similar tasks.

Which knowledge objects can be scheduled to execute at specific times in Splunk?

These knowledge objects include extracted fields, calculated fields, lookup fields, field aliases, tags, and event types. Splunk software performs these operations in a specific sequence.

When a user has left your organization, what happens to their knowledge objects in Splunk?

When a knowledge object owner leaves a department or company and their Splunk account is deactivated, the knowledge objects that they owned remain in the system. These are orphaned knowledge objects.
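
The permission management and orphaned-object points above can be checked offline. The following is an added example, not part of the original page or of Splunk's own tooling: it audits text in the style of an app's `metadata/local.meta` file for objects whose owner is no longer active and for globally shared objects that any role can write. The sample stanzas, the `ACTIVE_USERS` set and the function names are constructed assumptions.

```python
import configparser
from urllib.parse import unquote

# Constructed sample in the style of an app's metadata/local.meta file.
SAMPLE_META = """
[savedsearches/Failed%20logins%20by%20host]
owner = jdoe
access = read : [ * ], write : [ admin, power ]
export = system

[eventtypes/vpn_auth]
owner = asmith
access = read : [ soc_analyst ], write : [ asmith ]
export = none

[lookups/asset_owners.csv]
owner = admin
access = read : [ * ], write : [ * ]
export = system
"""

ACTIVE_USERS = {"admin", "asmith"}  # assumption: exported from your identity source


def parse_access(value):
    """Turn 'read : [ a, b ], write : [ c ]' into {'read': {...}, 'write': {...}}."""
    perms = {}
    for part in value.split("]"):
        if ":" not in part:
            continue
        action, roles = part.split(":", 1)
        perms[action.strip(" ,")] = {
            r.strip() for r in roles.strip(" [").split(",") if r.strip()
        }
    return perms


def audit(meta_text, active_users):
    """Return (orphaned, world_writable) lists of knowledge object names."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.read_string(meta_text)
    orphaned, world_writable = [], []
    for section in cp.sections():
        obj, name = cp[section], unquote(section)
        if obj.get("owner") not in active_users:
            orphaned.append(name)  # owner account deactivated or missing
        perms = parse_access(obj.get("access", ""))
        if "*" in perms.get("write", set()) and obj.get("export") == "system":
            world_writable.append(name)  # any role can edit a global object
    return orphaned, world_writable
```

Orphaned objects should be reassigned to an active owner, and globally shared objects with wildcard write access should be narrowed to the roles that maintain them.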