Appendix A: List of PAS knowledge objects

The following table lists all of the Splunk knowledge objects in the PAS reference app. The "Location in Journey" column specifies where the Journey discusses each knowledge object.

Splunk Knowledge Object

Defined in $APP_HOME/...

Type

Location in Journey

PAS Data Model

default/
    data/
        models/
            ri_pas_datamodel.json

Data Model

Working with data: where it comes from and how we manage it: "Defining a custom Data Model"

ri-pas-application

appserver/
    addons/
        pas_simulated_application_addon/
            default/
                eventtypes.conf

Event type

Working with data: where it comes from and how we manage it: "Tagging our events"

ri-pas-application-change-permissions

"

Event type

Working with data: where it comes from and how we manage it: "Tagging our events"

ri-pas-application-delete

"

Event type

Working with data: where it comes from and how we manage it: "Tagging our events"

ri-pas-application-read

"

Event type

Working with data: where it comes from and how we manage it: "Tagging our events"

ri-pas-application-update

"

Event type

Working with data: where it comes from and how we manage it: "Tagging our events"

ri-pas-database

appserver/
    addons/
        pas_simulated_database_addon/
            default/
                eventtypes.conf

Event type

Working with data: where it comes from and how we manage it: "Tagging our events"

ri-pas-database-change-permissions

"

Event type

Working with data: where it comes from and how we manage it: "Tagging our events"

ri-pas-database-delete

"

Event type

Working with data: where it comes from and how we manage it: "Tagging our events"

ri-pas-database-read

"

Event type

Working with data: where it comes from and how we manage it: "Tagging our events"

ri-pas-database-update

"

Event type

Working with data: where it comes from and how we manage it: "Tagging our events"

ri-pas-file

appserver/
    addons/
        pas_simulated_database_addon/
            default/
                eventtypes.conf

Event type

Working with data: where it comes from and how we manage it: "Tagging our events"

ri-pas-file-change-permissions

"

Event type

Working with data: where it comes from and how we manage it: "Tagging our events"

ri-pas-file-delete

"

Event type

Working with data: where it comes from and how we manage it: "Tagging our events"

ri-pas-file-read

"

Event type

Working with data: where it comes from and how we manage it: "Tagging our events"

ri-pas-file-update

"

Event type

Working with data: where it comes from and how we manage it: "Tagging our events"

google-drive

appserver/
    addons/
        googledrive_addon/
            default/
                eventtypes.conf

Event type

Adding code: using JavaScript and Search Processing Language: "Example: Adding a new provider add-on app"

google-drive-change-permissions

"

Event type

Adding code: using JavaScript and Search Processing Language: "Example: Adding a new provider add-on app"

google-drive-delete

"

Event type

Adding code: using JavaScript and Search Processing Language: "Example: Adding a new provider add-on app"

google-drive-read

"

Event type

Adding code: using JavaScript and Search Processing Language: "Example: Adding a new provider add-on app"

google-drive-update

"

Event type

Adding code: using JavaScript and Search Processing Language: "Example: Adding a new provider add-on app"

audit

appserver/
    addons/
        googledrive_addon/
            default/
                tags.conf

                etags.conf
        pas_simulated_database_addon/
            default/
                etags.conf

                tags.conf
Also inside
../
    Splunk_SA_CIM/
        default/
            tags.conf

Tag

Working with data: where it comes from and how we manage it: "Tagging our events"

change

"

Tag

Working with data: where it comes from and how we manage it: "Tagging our events"

change-permissions

"

Tag

Working with data: where it comes from and how we manage it: "Tagging our events"

cloudstorage

appserver/
    addons/
        googledrive_addon/
            default/
                tags.conf

                etags.conf
        pas_simulated_database_addon/
            default/
                etags.conf

                tags.conf

Tag

Working with data: where it comes from and how we manage it: "Tagging our events"

delete

"

Tag

Working with data: where it comes from and how we manage it: "Tagging our events"

pas

"

Tag

Working with data: where it comes from and how we manage it: "Tagging our events"

read

"

Tag

Working with data: where it comes from and how we manage it: "Tagging our events"

update

"

Tag

Working with data: where it comes from and how we manage it: "Tagging our events"

FIELDALIAS-command

appserver/
    addons/
        googledrive_addon/
            default/
                props.conf

        pas_simulated_application_addon/
            default/
                props.conf

        pas_simulated_database_addon/
            default/
                props.conf

Field alias

Working with data: where it comes from and how we manage it: "Mapping to a Splunk Common Information Model"

FIELDALIAS-object

appserver/
    addons/
        googledrive_addon/
            default/
                props.conf

        pas_simulated_application_addon/
            default/
                props.conf

        pas_simulated_database_addon/
            default/
                props.conf

Field alias

Working with data: where it comes from and how we manage it: "Mapping to a Splunk Common Information Model"

FIELDALIAS-event_id

appserver/
    addons/
        pas_simulated_application_addon/
            default/
                props.conf

Field alias

Working with data: where it comes from and how we manage it: "Defining our mappings in separate add-on apps"

FIELDALIAS-object_attrs

appserver/
    addons/
        pas_simulated_application_addon/
            default/
                props.conf

Field alias

Working with data: where it comes from and how we manage it: "Defining our mappings in separate add-on apps"

FIELDALIAS-src

appserver/
    addons/
        pas_simulated_application_addon/
            default/
                props.conf

        pas_simulated_database_addon/
            default/
                props.conf

Field alias

Working with data: where it comes from and how we manage it: "Defining our mappings in separate add-on apps"

FIELDALIAS-user

appserver/
    addons/
        pas_simulated_application_addon/
            default/
                props.conf

        pas_simulated_database_addon/
            default/
                props.conf

Field alias

Working with data: where it comes from and how we manage it: "Defining our mappings in separate add-on apps"

FIELDALIAS-action

appserver/
    addons/
        pas_simulated_database_addon/
            default/
                props.conf

Field alias

Working with data: where it comes from and how we manage it: "Defining our mappings in separate add-on apps"

FIELDALIAS-object_id

appserver/
    addons/
        pas_simulated_database_addon/
            default/
                props.conf

        pas_simulated_files_addon/
            default/
                props.conf

Field alias

Working with data: where it comes from and how we manage it: "Defining our mappings in separate add-on apps"

FIELDALIAS-user_id

appserver/
    addons/
        pas_simulated_database_addon/
            default/
                props.conf

        pas_simulated_files_addon/
            default/
                props.conf

Field alias

Working with data: where it comes from and how we manage it: "Defining our mappings in separate add-on apps"

action

appserver/
    addons/
        googledrive_addon/
            default/
                props.conf

        pas_simulated_application_addon/
            default/
                props.conf

Calculated field

Working with data: where it comes from and how we manage it: "Defining our mappings in separate add-on apps"

change-type

appserver/
    addons/
        googledrive_addon/
            default/
                props.conf

        pas_simulated_application_addon/
            default/
                props.conf

Calculated field

Working with data: where it comes from and how we manage it: "Defining our mappings in separate add-on apps"

status

appserver/
    addons/
        googledrive_addon/
            default/
                props.conf

        pas_simulated_application_addon/
            default/
                props.conf

Calculated field

Working with data: where it comes from and how we manage it: "Defining our mappings in separate add-on apps"

EXTRACT-user

appserver/
    addons/
        googledrive_addon/
            default/
                props.conf

Field extraction

Working with data: where it comes from and how we manage it: "Defining our mappings in separate add-on apps"

EXTRACT-fields

appserver/
    addons/
        pas_simulated_files_addon/
            default/
                props.conf

Field extraction

Working with data: where it comes from and how we manage it: "Defining our mappings in separate add-on apps"

EXTRACT-fields2

appserver/
    addons/
        pas_simulated_files_addon/
            default/
                props.conf

Field extraction

Working with data: where it comes from and how we manage it: "Defining our mappings in separate add-on apps"

employee_details.csv

appserver/
    pas_hr_info/
        lookups/
            employee_details.csv

Lookup table file

Adding code: using JavaScript and Search Processing Language: "Case study: Building a complex query that uses a lookup and overlays additional time data"

employee_details

appserver/
    addons/
        pas_hr_info/
            default/
                transforms.conf

Lookup definition

Adding code: using JavaScript and Search Processing Language: "Case study: Building a complex query that uses a lookup and overlays additional time data"

ri_setup

default/
    transforms.conf

Lookup definition

Working with data: where it comes from and how we manage it: "Using stateful configuration data in the PAS app"

violation_types

default/
    transforms.conf

Lookup definition

Adding code: using JavaScript and Search Processing Language: "Example: Combining multiple searches"

about

default/
    data/
        ui/
            views/
                about.xml

View

N/A

anomalous_activity

default/
    data/
        ui/
            views/
                anomalous_activity.xml

View

Adding code: using JavaScript and Search Processing Language: "How we work #2: Pairing between the stakeholders"

customer_monitor

default/
    data/
        ui/
            views/
                customer_monitor.xml

View

UI and visualizations: what our apps look like: "Using a third-party visualization library (a simple example using the D3 dendrogram)"

offhours_document_access

default/
    data/
        ui/
            views/
                offhours_document_access.xml

View

Adding code: using JavaScript and Search Processing Language: "Case study: Building a complex query that uses a lookup and overlays additional time data"

setup

default/
    data/
        ui/
            views/
                setup.xml

View

Working with data: where it comes from and how we manage it: "Using stateful configuration data in the PAS app"

summary

default/
    data/
        ui/
            views/
                summary.xml

View

UI and visualizations: what our apps look like

terminated_employee_document_access

default/
    data/
        ui/
            views/
                terminated_employee_document_access.xml

View

Working with data: where it comes from and how we manage it: "Modifying the data model to support additional queries"

user_activity

default/
    data/
        ui/
            views/
                user_activity.xml

View

Working with data: where it comes from and how we manage it: "Integrating with a third-party system"

default

default/
    data/
        ui/
            nav/
                default.xml

Navigation menu

UI and visualizations: what our apps look like: "Adding colors and logos"

pas

default/
    indexes.conf

Index

Packaging and deployment: reaching our destination: "Tips and useful resources"

pasadmin

default/
    authorize.conf

Role

Packaging and deployment: reaching our destination: "Managing authorization and permissions"

pasuser

default/
    authorize.conf

Role

Packaging and deployment: reaching our destination: "Managing authorization and permissions"

jira_alerts

default/
    alert_actions.conf

    savedsearches.conf
bin/
    jira.py

Alert action

New adventures require new tools: alerting