Knowledge Management
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Multiple definitions for one tag?

mfeeny1
Path Finder
‎11-21-2011 09:20 PM

I am somewhat new to tags as a "Knowledge Management" tool, and I am reviewing the tags configured on my SPLUNK search head, and totally confused by the following situation... From the GUI, I go to Manage -> Tags -> List by tag name. I see a particular tag (let's call it tag1) that is listed twice, with different field-value pairs. In one row, it includes two field-value pairs, and in the other it includes about 60 field-value pairs. In both definitions, the owner and the app are the same (admin, search). Is this viable? If so, if I were logged in as admin, and I used this tag in a search, which set of field-value pairs would it use?

Thanx for any clarification...

Tags (1)
0 Karma
Reply

Kate_Lawrence-G
Contributor
‎12-09-2011 08:58 AM

well the tags could conceivablely be the same but they could apply to different sources/sourcetypes or applications. So even if they have the same owner they could do different things.

when running a search it would depends on which one of these tags applies to the search.

0 Karma
Reply
Get Updates on the Splunk Community!

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

(view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...