Module 2: What is Splunk? Flashcards

1
Q

Index

A

Heart of Splunk. Collects data from almost any source.

2
Q

Splunk data inspector process

A
Look at data and decide how to process.
Label with source type
Break it into events
Timestamps normalized
Added to Splunk index to be searched
3
Q

Splunk processing components (3)

A

Indexer
Search Head
Forwarder

4
Q

Indexers

A

Processes incoming machine data. Stores results in indexes as events.

5
Q

Events

A

Result of processed machine data

6
Q

Events stored in…

A

Index

7
Q

Index directories

A

Labeled by age (date). Search looks at date first.

8
Q

Search head

A

Handles search requests using the Splunk search language. Enriches data with reports, dashboards, visualizations.

9
Q

Search heads send searches to…

A

Indexers

10
Q

Search Head tools (3)

A

Dashboards
Reports
Visualizations

11
Q

Forwarders

A

Splunk Enterprise instances that consume data and forward it to indexers.

12
Q

Splunk functions (4)

A

Input
Parsing
Indexing
Searching

13
Q

Search requests processed by…

A

Indexers
