Create indexes for Splunk Asset and Risk Intelligence
To begin storing and using data for Splunk Asset and Risk Intelligence, you must create custom indexes.
See Create custom indexes in the Splunk Enterprise Managing Indexers and Clusters of Indexers manual, and then create the following indexes:
Index name | Description |
---|---|
ari_staging | The staging index is for batched data sources, or data that updates in Splunk Asset and Risk Intelligence in batches rather than instantaneously. Create the staging index to store summary event data. |
ari_asset | The asset index is for all asset data. Create the asset index to store data such as inventory counts and time-based data. |
ari_internal | The internal index is for operational logs. Create the internal index to store data such as any metrics you add to Splunk Asset and Risk Intelligence. |
ari_ta | The technical add-on index is for storing data related to the Splunk Add-on for Asset and Risk Intelligence. |
Next step
Install Splunk Asset and Risk Intelligence on a single search head or a search head cluster | Initialize data for Splunk Asset and Risk Intelligence |
This documentation applies to the following versions of Splunk® Asset and Risk Intelligence: 1.0.0, 1.0.1, 1.0.2
Feedback submitted, thanks!