Splunk - Create and Update Assets
  • 02 Jun 2024

Splunk - Create and Update Assets creates and/or updates assets in Splunk for:

  • Assets that match the parameters of the selected saved query, and match the Enforcement Action Conditions, if defined, or assets selected on the relevant asset page.

Depending on the action selected, assets not in Splunk will be created and existing Splunk assets will be updated.

See Creating Enforcement Sets to learn more about adding Enforcement Actions to Enforcement Sets.

General Settings

  • Enforcement Set name (required) - The name of the Enforcement Set. A default value is added by Axonius. You can change the name according to your needs.
  • Add description - Click to add a description of the Enforcement Set. It is recommended to describe what the Enforcement Set does.
  • Run action on assets matching following query (required) - Select an asset category and a query. The Enforcement Action will be run on the assets that match the query parameters.
  • Action name (required) - The name of the Main action. A default value is added by Axonius. You can change the name according to your needs.
  • Configure Dynamic Values - Toggle on to enter a Dynamic Value statement. See Creating Enforcement Action Dynamic Value Statements to learn more about Dynamic Value statement syntax.

Required Fields

Additional Fields

These fields are optional.

  • Host Name - The hostname of the Splunk search head.

  • Port - Specify the port of the Splunk system. It is recommended to use TCP port 8089. For more details, see Splunk Docs - Securing Splunk Enterprise.

  • Protocol (default: HTTPS) - Select either HTTP or HTTPS as the protocol for this adapter connection.

  • User Name and Password - The user name and password for an account that has read access to the API.


    If API Token is not supplied, these fields are required.

  • API Token - API token can be used instead of user name and password.


    If User Name and Password are not supplied, this field is required.

  • Action Choice - Select one of the following:

    • Create - Create Splunk assets for the assets returned by the query.
    • Update - Update existing Splunk assets returned by the query.
    • Create and Update - Create and update Splunk assets for the assets returned by the query. Existing Splunk assets will be updated. Assets not already in Splunk will be created.
  • Exclude connections - Assets from the selected connections will not be included in the query results. You can select more than one.

  • Map Axonius fields to adapter fields - Use the Field Mapping Wizard to map Axonius fields to fields in external systems. In this way you can transfer data found in Axonius into the external system as part of the configuration of relevant enforcement actions. The wizard shows you which fields exist on the Axonius system, allowing you to map them easily.



    If the Vendor field (table column) does not currently exist within the collection, Axonius will add the field value(s) specified as a new column(s) in the KV Store Collection. If the field already exists, Axonius will update or add the mapped value.

  • KV Store Collection Name - The name of the KV store collection in which to create and update the assets.

    • If a KV Store Collection name is not provided, the default name will be listed as “axonius”.
    • The KV Store stores your data as key-value pairs in collections. Collections are the containers for your data, similar to a database table. Collections exist within the context of a given app.
    • Fields correspond to key names, similar to the columns in a database table. Fields contain the values of your data in JSON format.
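
The Action Choice and field-mapping behavior described above, modelled as a dry run over an in-memory collection. This is an added example, not Axonius or Splunk code. It assumes records are matched on a `_key` equal to the mapped host name; the field names, mapping and sample data are constructed.

```python
# Dry-run model of Create / Update / Create and Update against a KV store collection.
# Assumption: an asset "exists" in Splunk when a record with the same _key is present.

# Constructed mapping: Axonius field -> KV store collection field
FIELD_MAP = {"hostname": "host", "os_type": "os", "owner": "asset_owner"}

# Constructed sample data
SPLUNK_COLLECTION = {
    "web-01": {"_key": "web-01", "host": "web-01", "os": "Linux"},
}
AXONIUS_ASSETS = [
    {"hostname": "web-01", "os_type": "Linux", "owner": "platform"},
    {"hostname": "db-02", "os_type": "Windows", "owner": "data"},
]


def map_fields(asset, field_map):
    """Translate one Axonius asset into a collection record using the mapping."""
    return {dst: asset[src] for src, dst in field_map.items() if src in asset}


def plan(assets, collection, action, key_field="host", field_map=FIELD_MAP):
    """Return (creates, updates, new_fields) without modifying the collection."""
    if action not in ("Create", "Update", "Create and Update"):
        raise ValueError(f"unknown Action Choice: {action!r}")
    existing_fields = {f for rec in collection.values() for f in rec}
    creates, updates, new_fields = [], [], set()
    for asset in assets:
        record = map_fields(asset, field_map)
        key = record.get(key_field)
        if key is None:
            continue  # nothing to match on; skipped in this model
        exists = key in collection
        if exists and "Update" in action:
            # Mapped values overwrite or extend the existing record
            updates.append({**collection[key], **record})
        elif not exists and "Create" in action:
            creates.append({"_key": key, **record})
        else:
            continue  # the selected action does not cover this asset
        # Mapped fields missing from the collection become new columns
        new_fields |= set(record) - existing_fields
    return creates, updates, sorted(new_fields)


if __name__ == "__main__":
    for choice in ("Create", "Update", "Create and Update"):
        print(choice, plan(AXONIUS_ASSETS, SPLUNK_COLLECTION, choice))
```
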


Axonius uses this SDK:

Required Permissions

The Splunk account must have permission to create and update assets.

For more details about other Enforcement Actions available, see Action Library.
