Splunk® Asset and Risk Intelligence

Administer Splunk Asset and Risk Intelligence

Splunk Asset and Risk Intelligence is not compatible with Splunk Enterprise 9.1.2 due to known issues SPL-237796, SPL-248319 where search results in "results" have more rows than expected. Upgrade to Splunk Enterprise 9.1.3 to use Splunk Asset and Risk Intelligence.

Activate data sources in Splunk Asset and Risk Intelligence

To finish setting up sources in Splunk Asset and Risk Intelligence, you must activate the sources so that the app can use them to discover asset data. To activate or deactivate a data source in Splunk Asset and Risk Intelligence, complete the following steps:

  1. Select Admin then Data sources and then Data source management.
  2. Select the settings icon ( settings ) next to the source you want to activate.
  3. Toggle the switch to Active.
  4. Select Update.

Validate a data source

After you add a data source to Splunk Asset and Risk Intelligence, including the configuration process for the event search and prioritization, you can validate the data source to make sure the expected fields are mapped correctly. Validating a data source is not required to add and configure a data source, but it can be helpful for finding errors in field mapping.

To validate a data source, complete the following steps:

  1. In Splunk Asset and Risk Intelligence, select Admin then Data sources and then Data source management.
  2. Select the more icon next to the data source you want to validate.
  3. Select Validate data source.
  4. Select a data source Search time window and the Inventory type to validate. Most real-time data sources have data within the Last 15 minutes.
  5. Review the Values found and find which values are Required. You can also sort the columns.

    If you can't see any data for a batched data source, you can select the search icon for the data source and then select Generate summary to run the batched search and generate data in the summary index. Then, you can validate the source using the Last 15 minutes search time window.

  6. (Optional) Check the box to Hide missing fields to show only the fields that have been mapped correctly.
  7. Select Close.
Last modified on 13 February, 2025
Assign data source priorities in Splunk Asset and Risk Intelligence   Data source field mapping reference

This documentation applies to the following versions of Splunk® Asset and Risk Intelligence: 1.0.0, 1.0.1, 1.0.2


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters