Brainscape's Knowledge GenomeTM


Top Flashcards (Certified)
All Flashcards

Splunk User > Module 2 > Flashcards

Module 2 Flashcards

(4 cards)

Start Studying
1
Q

Index time process

A

Input phase:
Universal and heavy forwarder, data is open and read, configs are applied to data stream, sent out for indexing
Parsing phase:
Indexer & Heavy forwarder, data broken to events, extract default metadata fields (host, source, sourcetype, index), ID timestamps
Indexing phase:
Indexer, writes data to disk, runs license meter, build index structure

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Options to add data

A

In the add data:
Upload - uploads local files, only gets indexed once
Monitor - monitor files and directories, ports etc (automatically uploaded to splunk as it goes)
Forward - Get data from remote machines (data from a forwarder)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

OS | Default Splunk Installation Directory | Directory for App Config Files

A

Windows | C:\Program Files\Splunk | C:\Program Files\Splunk\etc\apps
Linux | /opt/splunk/ | /opt/splunk/etc/apps
Mac OS | /Applications/Splunk | /Applications/Splunk/etc/apps

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q
A
How well did you know this?
1
Not at all
2
3
4
5
Perfectly

Splunk User (6 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2025 Bold Learning Solutions. Terms and Conditions