Splunk® Asset and Risk Intelligence

Administer Splunk Asset and Risk Intelligence

Activate data sources in Splunk Asset and Risk Intelligence

To finish setting up sources in Splunk Asset and Risk Intelligence, you must activate the sources so that the app can use them to discover asset data. To activate or deactivate a data source in Splunk Asset and Risk Intelligence, complete the following steps:

  1. Select Admin then Data sources and then Data source management.
  2. Select the settings icon ( settings ) next to the source you want to activate.
  3. Toggle the switch to Active.
  4. Select Update.

Validate a data source

After you add a data source to Splunk Asset and Risk Intelligence, including the configuration process for the event search and prioritization, you can validate the data source to make sure the expected fields are mapped correctly. Validating a data source is not required to add and configure a data source, but it can be helpful for finding errors in field mapping.

To validate a data source, complete the following steps:

  1. In Splunk Asset and Risk Intelligence, select Admin then Data sources and then Data source management.
  2. Select the more icon next to the data source you want to validate.
  3. Select Validate data source.
  4. Select a data source Search time window and the Inventory type to validate. Most real-time data sources have data within the Last 15 minutes.
  5. Review the Values found and find which values are Required. You can also sort the columns.

    If you can't see any data for a batched data source, you can select the search icon for the data source and then select Generate summary to run the batched search and generate data in the summary index. Then, you can validate the source using the Last 15 minutes search time window.

  6. (Optional) Check the box to Hide missing fields to show only the fields that have been mapped correctly.
  7. Select Close.
Last modified on 13 February, 2025
Assign data source priorities in Splunk Asset and Risk Intelligence   Data source field mapping reference

This documentation applies to the following versions of Splunk® Asset and Risk Intelligence: 1.0.0, 1.0.1, 1.0.2

Acrobat logo Download manual
Acrobat logo Download this page

Please expect delayed responses to documentation feedback while the team migrates content to a new system. We value your input and thank you for your patience as we work to provide you with an improved content experience!

Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters