Module 7: Knowledge Objects Flashcards
What are knowledge objects?
They are tools you use to discover and analyse your data.
What are data interpretation knowledge objects?
Fields and field extractions
What are data classification knowledge objects?
Event types
What are data enrichment knowledge objects?
Lookups and Workflow Actions
What are data normalisation knowledge objects?
Tags and field aliases
What are datasets in knowledge objects?
Data Models
What are the properties of knowledge objects?
Shareable
Reusable
Searchable
What is a knowledge manager?
- Oversee knowledge object creation and usage for a group or deployment
- Normalise event data
- Create data models for Pivot users
What is a recommended naming convention?
Group_ObjectType_Description
Which user roles can create private knowledge objects?
User
Power
Admin
Which roles have access to read and write private knowledge objects?
- Read (person who created it and admin)
- Write (person who created it and admin)
Where are knowledge objects managed?
They are managed in Settings > Knowledge
What does Splunk CIM stand for?
It is the Splunk Common Information Model
What is Splunk CIM used for?
Normalise data
Correlate data from different sources and source types
Leverage to create various knowledge objects.