NOTE: The greyed-out items below are listed for purposes of understanding, but are places where one should not (except in rare circumstances by an admin) save KOs.
|
App Name |
When to save… |
Scope |
Read |
Write |
App Visible |
Shows up in Drop-down Menus |
|---|---|---|---|---|---|---|
|
{Team Name} – {Unit/Group} |
Most common. For use within the app (team). Or as a place to save until the KO can be moved (with help from Splunk admin) to a Shared KO app for global access. |
App (?or Global in special circumstances?) |
Team |
Team |
Yes (when one has Read or Write) |
Yes |
|
Common Information Model (from Splunk) |
Pretty much never — and only by an admin after much consideration if so. Only edit what is already there so it remains “pristine” – ready for updates. |
Global |
Everyone |
sc-admin |
No |
Yes |
|
Common Information Model Supplement – Illinois |
Only save things here that are intended to be global and which *specifically supplement existing CIM KOs*. Why? A) Allows us to keep CIM app “pristine” for updates. B) Gives us immediate clarity/visibility in to what we might do to enhance CIM (e.g., via request to Splunk or 3rd party developers). (Names should be derived from precedence of similar/related CIM objects.) E.g., perhaps a second “Web” data model (“Web2”?) that offers extended attributes. |
Global |
Everyone |
sc-admin |
No |
Yes |
|
AAA Shared Knowledge Objects – Illinois |
A place for KOs that are to be Global, but not directly related to existing elements of Splunk-offered CIM or 3rd-party apps (and their technologies). E.g., wholly new Data Models, new aliases, field extractions, eventtypes and tags unrelated to existing objects in CIM or 3rd party apps. (See 3rd party apps below.) |
Global |
Everyone |
sc-admin |
Yes |
Yes |
|
zzz Shared Knowledge Objects – Illinois |
Only for KOs that need “lowering” to address (or troubleshoot?) a precedence issue. |
Global |
Everyone |
sc-admin |
No |
Yes |
|
{3rd Party App} (enabled) |
Similar to “Common Information Model” above, we should never (rarely) save things here. If the app is “enabled” and we need to save things relevant to the app (or its technology), create an “- Illinois” version (branch), disable the original, enable the branch, save in branch. |
Global (or App in some circumstances) |
Everyone (or specific roles in some circumstances) |
sc-admin (and specific roles in some circumstances) |
(Could be either) |
(Depends) |
|
{3rd Party App} (disabled) |
Never. (Purpose of this is to keep for comparison of updates to Illinois branch.) |
NA |
NA |
NA |
NA |
NA |
|
{3rd Party App/Add-on} – Illinois (branch) |
Similar to “Common Information Model Supplement – Illinois” — save enhancements specific to this app (and the technology the app represents) here. Intended (in part) to provide a clean / discrete location for KOs for the technology associated with app so that “merging” 3rd party updates with this app can be as simple as possible (i.e., not mixed in with other Shared KO apps). |
Global (or App in some circumstances) |
Everyone (or specific roles in some circumstances) |
sc-admin (and specific roles in some circumstances) |
(Could be either) |
(Depends) |