Activate data sources in Splunk Asset and Risk Intelligence

To finish setting up sources in Splunk Asset and Risk Intelligence, you must activate the sources so that the app can use them to discover asset data. To activate or deactivate a data source in Splunk Asset and Risk Intelligence, complete the following steps:

1. Select Admin then Data sources and then Data source management.
2. Select the settings icon ( ) next to the source you want to activate.
3. Toggle the switch to Active.
4. Select Update.

Validate a data source

After you add a data source to Splunk Asset and Risk Intelligence, including the configuration process for the event search and prioritization, you can validate the data source to make sure the expected fields are mapped correctly. Validating a data source is not required to add and configure a data source, but it can be helpful for finding errors in field mapping.

To validate a data source, complete the following steps:

1. In Splunk Asset and Risk Intelligence, select Admin then Data sources and then Data source management.
2. Select the more icon next to the data source you want to validate.
3. Select Validate data source.
4. Select a data source Search time window and the Inventory type to validate. Most real-time data sources have data within the Last 15 minutes.
5. Review the Values found and find which values are Required. You can also sort the columns.

   If you can't see any data for a batched data source, you can select the search icon for the data source and then select Generate summary to run the batched search and generate data in the summary index. Then, you can validate the source using the Last 15 minutes search time window.

6. (Optional) Check the box to Hide missing fields to show only the fields that have been mapped correctly.
7. Select Close.