Knowledge objects
There are bunch of different types of knowledge object and different ways to use them in Splunk to make searching easier:
|
Knowledge Object |
Description |
|
Reports |
Saved searches of specific data and visualizations |
|
Alerts |
Saved searches of specific data set to email an alert or commit an action when triggered |
|
Events |
A log string that is saved and given a name for later reference during a search query |
|
Field extractions |
Very specific values within a log event that can be extracted with regex; often things such as |
|
Tag |
An ancillary category market for disparate yet similar event types/hosts/systems |
|
Field alias |
A second name given to a field within a sourcetype - for instance, user can be aliased to ... |
Get Splunk Best Practices now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
