knowledge object

knowledge object


A user-defined entity that enriches the existing data in Splunk Enterprise. You can use knowledge objects to get specific information about your data. When you create a knowledge object, you can keep it private or you can share it with other users.

Knowledge managers manage how their organizations use knowledge objects in their Splunk Enterprise deployments. Splunk Enterprise knowledge objects include saved searches, event types, tags, field extractions, lookups, reports, alerts, data models, workflow actions, and fields.

According to the instructors and course developers from EDU Team, transactions can't be defined as knowledge objects and have been removed from the above list. Transactions can't be reused, they can't be called from a search string, and they can't be shared by editing the permissions.

For more information

In the Knowledge Manager Manual: