Access knowledge objects for an add-on
Many add-ons contain Splunk knowledge objects that enable you to extract knowledge from your raw IT data as you need it, such as events, fields, timestamps, and so on. The Splunk platform extracts some of this information as it indexes your IT data, but it creates most of this information at search time.
Event types
To see the event types in an add-on, in Splunk Web, go to Settings > Event Types. Make sure that you have the App context set to the add-on that you are using. The Event types page displays showing a list of all event types defined in this app context.
Click on the name to access the details page for the event type, where you can edit the Search string, Tags, and Priority for the event type, if you have the permissions to do so.
Tags
To see the Tags defined in an add-on, in Splunk Web, go to Settings > Tags > List by field-value pair. Make sure that you have the App context set to the add-on that you are using. The List by field-value pair page displays a list of all Tags defined in the add-on associated with each field-value pair. The Field extractions page displays showing the Field extractions defined within the app context.
Field extractions
To see the Field extractions defined in an add-on, in Splunk Web, go to Settings > Fields > Field Extractions. Make sure that you have the App context set to the add-on that you are using. The Splunk platform automatically extracts fields from your IT data to help you better understand your data and how you can use it.
| Install an add-on in Splunk Light (Legacy) | Access prebuilt panels included with add-ons |
This documentation applies to the following versions of Splunk® Supported Add-ons: released
Download manual
Feedback submitted, thanks!