Knowledge Object in Splunk

By Anvesh, published in SilentTech, Aug 6, 2023

What is a knowledge object, and what do knowledge managers do?

Knowledge Object:
Knowledge objects are user-defined entities used for extracting knowledge from existing or run-time data in order to enrich data.
You can set up knowledge objects to make operations smarter and to bring intelligence to your systems.
Knowledge objects are user-defined blocks of logic that enable you to leverage your information in specific ways to infer meaning from your data.
These knowledge objects will monitor your events and give notifications when certain conditions occur.
They are used to get specific information and enrich your data.
If you’re using Splunk, you’re using one very large knowledge object.
Splunk knowledge objects include saved searches, event types, tags, field extractions, lookups, reports, alerts, data models, workflow actions, and fields.
You can create, edit, save and share knowledge objects.

Knowledge managers manage how their organizations use knowledge objects in their Splunk Enterprise deployments.

There are a bunch of different types of knowledge objects and different ways to use them in Splunk to make searching easier.

A collection of knowledge objects that address a specific use case is called an App. Knowledge objects that service other apps in some ways are called add-ons. You can develop apps and add-ons for your own use, and you can also find apps and add-ons created by Splunk and other users on Splunkbase so you don’t have to reinvent the wheel.
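As an added illustration (not from the original article), here is how several of the knowledge object types listed above could be defined together in the configuration files of one small app: a field extraction, an event type, tags, a saved search scheduled as an alert, and the permissions that control sharing. The app name `ssh_monitoring`, the `linux_secure` sourcetype, the object names and the thresholds are all assumptions chosen for the example.

```ini
# Constructed example for a hypothetical app "ssh_monitoring".
# Each section below belongs in the file named in its banner comment.

# --- default/props.conf : field extraction ---
[linux_secure]
# Capture the source address of sshd "Failed password" lines into field "src"
EXTRACT-ssh_src = Failed password for (?:invalid user )?\S+ from (?<src>\d{1,3}(?:\.\d{1,3}){3})

# --- default/eventtypes.conf : event type ---
[failed_ssh_login]
search = sourcetype=linux_secure "Failed password"

# --- default/tags.conf : tags attached to the event type ---
[eventtype=failed_ssh_login]
authentication = enabled
failure = enabled

# --- default/savedsearches.conf : saved search scheduled as an alert ---
[Repeated Failed SSH Logins]
search = eventtype=failed_ssh_login | stats count by src | where count > 10
dispatch.earliest_time = -15m
dispatch.latest_time = now
enableSched = 1
cron_schedule = */15 * * * *
# Trigger when the search returns at least one result row
counttype = number of events
relation = greater than
quantity = 0
alert.track = 1
alert.severity = 4
# Suppress repeat alerts for the same source address for one hour
alert.suppress = 1
alert.suppress.fields = src
alert.suppress.period = 1h

# --- metadata/default.meta : sharing and permissions ---
# Everyone may read the event type; only admins may change it.
[eventtypes/failed_ssh_login]
access = read : [ * ], write : [ admin ]
export = system

# Keep the alert private to this app and editable only by admins.
[savedsearches/Repeated%20Failed%20SSH%20Logins]
access = read : [ * ], write : [ admin ]
export = none
```

The saved search builds on the event type, which in turn relies on the extracted `src` field, so restricting write access in `default.meta` protects the whole chain from silent edits that would blind the alert.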

Hope you find this article interesting. For short bits around the technology, follow me on LinkedIn at www.linkedin.com/in/anveshsalla
