Latest Version 1.3.0
January 8, 2020
Welcome to the new Splunkbase! To return to the old Splunkbase, click here.
This app is archived. Learn more
Knowledge Object Explorer
The Knowledge Object Explorer helps you understand how Splunk turns a search and your configured knowledge objects into a normalized search.
Built by
Compatibility
Not Available
Platform Version: 9.4, 9.3, 9.2, 9.1, 9.0, 8.2, 8.1, 8.0, 7.3, 7.2
Rating
0
(0)
Log in to rate this app
Support
Not Supported
The Knowledge Object Explorer helps you understand how Splunk turns a search and your configured knowledge objects into a normalized search.
You get a tree visualization for the tags, eventtypes, reverse lookups, fields, field aliases, calculated fields, and plain strings that appear in your search after expansion. For a quick dive into your environment, the Browse page parses all Tags, Event Types, and Data Model Objects for their normalizedSearch length letting you explore and optimize the worst offenders first.
This is the companion app to my .conf 2015 talk "Optimizing Splunk Knowledge Objects", the session includes lots of search expansion background information and some demos of the Knowledge Object Explorer.
A note on Splunk Enterprise 6.6: While the Knowledge Object Explorer does work with 6.6, it does not mirror the litsearch optimization attempts built into 6.6.
Categories
Created By
Martin Müller
Type
app
Downloads
3,768
Licensing
Splunk Answers
Resources
Log in to report this app listing