Splunk Asset and Risk Intelligence is not compatible with Splunk Enterprise 9.1.2 due to known issues SPL-237796, SPL-248319 where search results in "results" have more rows than expected. Upgrade to Splunk Enterprise 9.1.3 to use Splunk Asset and Risk Intelligence.
Turn on or turn off discovery searches in Splunk Asset and Risk Intelligence
There are several discovery searches that run regularly to add, update, or remove data from Splunk Asset and Risk Intelligence. As an admin, you can turn on or turn off the searches listed in the following table:
| Type of discovery search | Description | Default run frequency |
|---|---|---|
| Process searches | By running process searches, Splunk Asset and Risk Intelligence can retrieve and track asset data. | 5 minutes |
| Inventory count searches | By running inventory count searches, Splunk Asset and Risk Intelligence keeps a regular count of records within each inventory. If you turn off inventory count searches, you can't access trend data related to asset counts. | 1 hour |
| Association searches | By running association searches, Splunk Asset and Risk Intelligence tracks the first and last time combinations of detected users, hosts, IP addresses, and MAC addresses. If you turn off association searches, you can't access data on associations between assets, such as a host name and an IP address. | 15 minutes |
| Inventory retention searches | Splunk Asset and Risk Intelligence automatically stores asset records in its inventories for an indefinite period of time, but you can modify the retention period for asset records and for particular field values. See Manage asset inventory retention in Splunk Asset and Risk Intelligence. | 1 day |
Turn on or turn off a discovery search
To turn on or turn off a discovery search, complete the following steps:
- In Splunk Asset and Risk Intelligence, select Admin and then Configuration settings.
- Find the section for the search you want to turn on or turn off. For example, Inventory count searches.
- Select the toggle switch for the search you want to turn on or turn off. For example, IP addresses. If you want to turn on or turn off all of the searches, select Turn on all or Turn off all.
- (Optional) You can run an inventory count search outside of its run schedule by selecting Run now.
Last modified on 05 August, 2024
| Customize settings in Splunk Asset and Risk Intelligence | Add and manage filters in Splunk Asset and Risk Intelligence |
This documentation applies to the following versions of Splunk® Asset and Risk Intelligence: 1.0.0, 1.0.1
Download manual
Feedback submitted, thanks!