Create indexes for Splunk Asset and Risk Intelligence
To begin storing and using data for Splunk Asset and Risk Intelligence, you must create custom indexes.
See Create custom indexes in the Splunk Enterprise Managing Indexers and Clusters of Indexers manual, and then create the following indexes:
| Index name | Description |
|---|---|
| ari_staging | The staging index is for batched data sources, or data that updates in Splunk Asset and Risk Intelligence in batches rather than instantaneously. Create the staging index to store summary event data. |
| ari_asset | The asset index is for all asset data. Create the asset index to store data such as inventory counts and time-based data. |
| ari_internal | The internal index is for operational logs. Create the internal index to store data such as any metrics you add to Splunk Asset and Risk Intelligence. |
| ari_ta | The technical add-on index is for storing data related to the Splunk Add-on for Asset and Risk Intelligence. |