Module 6: Understanding Knowledge Objects Flashcards

1
Q

What are knowledge objects?

A

Knowledge objects are tools you use to discover and analyze various aspects of your data

Page 155 Mod 6

2
Q

What are some examples of knowledge objects?

A
  • Data interpretation - fields and field extractions
  • Data classification - event types
  • Data enrichment - lookups and workflow actions
  • Normalization - tags and field aliases
  • Datasets - data models
  • Shareable - can be shared between users
  • Reusable - persistent objects that can be used by multiple people or apps, such as macros and reports
  • Searchable - since the objects are persistent, they can be used in a search

Page 155 Mod 6

3
Q

What is a knowledge manager?

A

A knowledge manager oversees knowledge object creation and usage for a group or deployment.
It also normalizes event data and creates data models for Pivot users

Page 157 Mod 6

4
Q

When it comes to the naming convention, what is Splunk’s recommended way of naming your production environment?

A
  • Group - corresponds to the working group(s) of the user saving the object
    (examples: SEG, NEG, OPS, NOC)
  • Object Type - indicates the type of object
    (alert, report, summary-index-populating)
    (examples: Alert, Report, Summary)
  • Description - a meaningful description of the context and intent of the search, limited to one or two words if possible; ensures the search name is unique
    Full example: SEG_Alert_WinEventlogFailures

Page 158 Mod 6

5
Q

When a knowledge object has private permissions, what are the characteristics?

A

Only the person who created the object can use it and edit it.

  • Create: user, power, admin
  • Read: person who created it “Admin”
  • Edit: person who created it “Admin”
6
Q

When a knowledge object has the permission of “This app only”, what are the characteristics?

A

Object persists in the context of a specific app

  • Create: power, admin
  • Read: user, power, admin
  • Edit: user, power, admin

Page 159 Mod 6

7
Q

When a knowledge object has the permission of “All apps”, what are the characteristics?

A

Object persists globally

  • Create: Admin
  • Read: user, power, admin
  • Edit: user, power, admin

Page 159 Mod 6

8
Q

How is the read and/or write permission given to a role?

A

These permissions are given by the creator

Page 159 Mod 6

9
Q

When an object is created, what is the default set to?

A

The “Display For” setting is set to Owner by default

Page 160 Mod 6

10
Q

What happens when an object’s permissions are set to App or All apps?

A

All roles are given read permission

Page 160 Mod 6

11
Q

Who is the write permission saved for?

A

It is saved for the admin role and the object creator unless the creator edits permissions

Page 160 Mod 6

12
Q

What role is the only one that can promote an object to All apps?

A

The admin role

Page 160 Mod 6

13
Q

Where are knowledge objects centrally managed from?

A

Settings > Knowledge

Page 161 Mod 6

14
Q

What determines your ability to modify an object’s settings?

A

Your role and permissions

Page 161 Mod 6

15
Q

True or False: By default, objects for all owners are listed.

A

True

Page 161 Mod 6

16
Q

What is the methodology for normalizing data?

A

Common Information Model (CIM)

Page 162 Mod 6

17
Q

What are some of the things Common Information Model (CIM) is used for?

A
  • Easily correlate data from different sources and source types
  • Leverage to create various objects discussed in this course - field extractions, field aliases, event types, tags

Page 162 Mod 6