Module 4: Getting Data In Flashcards
1
Q
Add Data: Monitor option
A
Monitor files, directories, HTTP events, TCP/UDP, Scripts
2
Q
Add Data: Forward option
A
Receive data from external forwarders
3
Q
App context
A
Tells splunk which app to apply source type to.
4
Q
Reasons to have separate indexes
A
Faster searches (narrower searches)
Limit access by user role
Set different retention policies
5
Q
Main input source
A
Forwarders
