Knowledge Management
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Multiple definitions for one tag?

mfeeny1
Path Finder
‎11-21-2011 09:20 PM

I am somewhat new to tags as a "Knowledge Management" tool, and I am reviewing the tags configured on my SPLUNK search head, and totally confused by the following situation... From the GUI, I go to Manage -> Tags -> List by tag name. I see a particular tag (let's call it tag1) that is listed twice, with different field-value pairs. In one row, it includes two field-value pairs, and in the other it includes about 60 field-value pairs. In both definitions, the owner and the app are the same (admin, search). Is this viable? If so, if I were logged in as admin, and I used this tag in a search, which set of field-value pairs would it use?

Thanx for any clarification...

Tags (1)
0 Karma
Reply

Kate_Lawrence-G
Contributor
‎12-09-2011 08:58 AM

well the tags could conceivablely be the same but they could apply to different sources/sourcetypes or applications. So even if they have the same owner they could do different things.

when running a search it would depends on which one of these tags applies to the search.

0 Karma
Reply
Get Updates on the Splunk Community!

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

Tuesday, May 14, 2024  |  11AM PT / 2PM ET Register to Attend Join us for this Tech Talk and learn how to ...

.conf24 | Personalize your .conf experience with Learning Paths!

Personalize your .conf24 Experience Learning paths allow you to level up your skill sets and dive deeper ...

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...

WATCH NOWAs AI starts tackling low level alerts, it's more critical than ever to uplevel your threat hunting ...