Available Splunk knowledge objects

There are many different Splunk knowledge objects (SKOs) that can be used within an App. The only required SKO for an App is the addition of views that can be displayed to the end user. We will briefly cover the different types of SKOs that you can include within your App. To avoid any issues with author interpretation of the definitions of these SKOs, we will use the definitions and references from the official Splunk documentation.

Macros

noun
A parameterized portion of a search such as an eval statement or a search term that can be reused in multiple places, including saved and ad hoc searches, and which is used in a manner similar to a search command. Search macros can contain arguments, but they are not required. ...

Get Splunk Developer's Guide - Second Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Splunk Developer's Guide - Second Edition by Kyle Smith

Available Splunk knowledge objects

Macros

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly