Module 6: Understanding Knowledge Objects Flashcards
What are knowledge objects?
Knowledge objects are tools you use to discover and analyze various aspects of your data
Page 155 Mod 6
What are some examples of knowledge objects?
- Data interpretation - fields and field extractions
- Data classification - events types
- Data enrichment - lookups and workflow actions
- Normalization - tags and field aliases
- Datasets - data models
- Shareable - can be shared between users
- Reusable - persistent objects that can be used by multiple people or apps, such as macros and reports
- Searchable - since the objects are persistent, they can be used in a search
Page 155 Mod 6
What is a knowledge manager?
A knowledge manager oversees knowledge object creation and usage for a group or deployment.
It also normalizes event data and creates data models for Pivot users
Page 157 Mod 6
When it comes to the naming convention, what is Splunk’s recommend way of naming your production environment?
- Group - corresponds to the working group(s) of the user saving the object
(examples: SEG. NEG. OPS. NOC) - Object Type: Indicates the type of object
(alert, report, summary-index-populating)
(examples: Alert, Report, Summary) - Description - a meaningful description of the context and intent of the search, limited to one or two words if possible; ensures the search name is unique
Full example: SEG_Alert_WinEventlogFailures
Page 158 Mod 6
When a knowledge object has private permissions what are the characteristics?
Only the person who created the object can use it and edit it.
- Create: user, power, admin
- Read: person who created it “Admin”
- Edit: person who created it “Admin”
When a knowledge object has the permission of “This app only” what are the characteristics?
Object persists in the context of a specific app
- Create: power, admin
- Read: user, power, admin
- Edit: user, power, admin
Page 159 Mod 6
When a knowledge object has the permission of “All apps” what are the characteristics?
Objects persists globally
- Create: Admin
- Read: user, power, admin
- Edit: user, power, admin
Page 159 Mod 6
How is the read and/or write permission given to a role?
These permissions are given by the creator
Page 159 Mod 6
When an object is created, what is the default set to?
The display for is set to Owner by default
Page 160 Mod 6
What happens when an object’s permissions are set to App or All apps?
All roles are given read permission
Page 160 Mod 6
Who is the write permission saved for?
It is saved for the admin role and the object creator unless the creator edits permissions
Page 160 Mod 6
What role is the only one that can promote an object to All apps?
The admin role
Page 160 Mod 6
Where are knowledge objects centrally managed from?
Settings > Knowledge
Page 161 Mod 6
What determines your ability to modify an object’s settings?
Your role and permissions
Page 161 Mod 6
True or False: By default, objects for all owners are listed.
True
Page 161 Mod 6