Asset Merging

Assets from the selected asset lookups can be merged into the primary asset collection in two ways. The first and easiest way is to navigate to the Asset Management dashboard and click the Execute Merge Search button. The merge is executed immediately, and a notification appears once it has completed. The second way is to use the custom search command provided in the app. To execute the merge using the custom command, run the following command in a Splunk search window:

| asceraassetmerge

When the command completes, an event is shown with the status of the merge. The custom command is useful for merging via ad-hoc searches or saved searches.

The Assets & Identities app includes the ASCERA Merge – Assets saved search, which is enabled by default and runs every 12 hours. The saved search simply executes the custom search command discussed previously, | asceraassetmerge. To modify the saved search, its schedule, or any other parameter, navigate to Searches, Reports, and Alerts within Splunk. Set the filters to Type: All, App: ASCERA A&I, and Owner: All. Once the saved search is visible, click the Edit dropdown and select the desired category. Then make any necessary changes and save them.