SPLK-CKNOB - Creating Knowledge Objects

This three-hour course is for knowledge managers who want to learn how to create knowledge objects for their search environment using the Splunk web interface. Topics will cover types of knowledge objects, the search-time operation sequence, and the processes for creating event types, workflow actions, tags, aliases, search macros, and calculated fields.

Duration: 3.0

Enquire Now

Start learning today!

Click Hereto customize your Training


  • Knowledge Objects and Search-time Operations
  • Create Event Types
  • Create Workflow Actions
  • Create Tags and Aliases
  • Create Search Macros
  • Create Calculated Fields


Topic 1 – Knowledge Objects & Search-time Operations

  • Understand role of knowledge objects for enriching data
  • Define search-time operation sequence

Topic 2 – Create Event Types

  • Define event types
  • Create event types using three methods
  • Use event types
  • Find event types
  • Tag event types
  • Compare event types and reports

Topic 3 – Create Workflow Actions

  • Identify what are workflow actions
  • Create a GET, POST, and search workflow action
  • Test workflow actions

Topic 4 – Create Tags and Aliases

  • Describe field aliases
  • Create field aliases
  • Search with field aliases
  • Define tags
  • Create and view tags
  • Search with tags
  • Manage tags

Topic 5 – Create Search Macros

  • Define macros
  • Create macros with and without arguments
  • Validate macro arguments
  • Use and preview macros at search time
  • Use nested macros
  • Use macros with other knowledge objects
  • Use tags/event types with macros
  • Create macros: considerations

Topic 6 – Create Calculated Fields

  • Explain calculated fields
  • Create a calculated field
  • Use a calculated field


  • Splunk Administrator
  • Developer
  • User
  • Knowledge Manager
  • Architect


To be successful, students should have completed the following courses:

  • Search Under the Hood
  • Multi-value Fields



Course Benefits

  • Career growth
  • Broad Career opportunities
  • Worldwide recognition from leaders
  • Up-to Date technical skills
  • Popular Certification Badges

Splunk Popular Courses


This "Fast Start" course covers over 60 commands and functions and prepares students to be search experts.


This course prepares security practitioners to use SOAR to respond to security incidents.


This course focuses on creating inputs, chain searches, event annotations, and improving dashboard performance.


This course focuses on dashboard creation, including prototyping, the dashboard definition, layouts types, adding visualizations, and dynamic coloring.
Enquire Now
By clicking "Submit", I agree to the Terms Of Use and Privacy Policy