Module 2: What is Splunk? Flashcards
Index
Heart of Splunk. Collects data from almost any source.
Splunk data inspector process
Look at data and decide how to process. Label with source type. Break it into events. Timestamps normalized. Added to Splunk index to be searched.
Splunk processing components (3)
Indexer
Search Head
Forwarder
Indexers
Processes incoming machine data. Stores results in indexes as events.
Events
Result of processed machine data
Events stored in…
Index
Index directories
Labeled by age (date). Search looks at date first.
Search head
Handle search requests using Splunk search language. Enriches data with reports, dashboards, visualizations.
Search heads send searches to…
Indexers
Search Head tools (3)
Dashboards
Reports
Visualizations
Forwarders
Splunk Enterprise instances that consume data and forward it to indexers.
Splunk functions (4)
Input
Parsing
Indexing
Searching
Search requests processed by…
Indexers