System Admin Flashcards
Install, configure and manage components, manage apps, splunk licensing, indexes, users and authentication, configuratin files, alerts monitor MC and system health.
System Administration
Primarily responsible for data onboarding and management efforts that includes new data sources, newly ingested data sources, manage inputs for UFs/HFs to capture data, parsing event line breaking timestamp extraction, manage conf files and deploy changes to production
Data Administration
collect data and send it to splunk servers
Forwarders
- Allow users to submit search request using SPL
- Distribute search request to the indexers
- Consolidate results and render visualization results
Searching
- Reside on a dedicated machines
- Recieve index and store incoming data from forwarders
- Search data in response to request received from search heads
Indexing Parsing
- Splunk instances that monitor configured inputs and forward data to the index
- Requires minimal resources and typically installed on the machines that produce data
Inputs
splunkd, splunk web, web app-server proxy and kv-s tore
8089 8000 8065 8191
Provides both a search and management front-end for splunkd process
Splunk Web
Is the phyton server to listen on
8065
Splunk admin only app used to monitor and investigate splunk performance, resource, usage and more
MC
Provides a number of preconfigured platform alerts
MC Alerts Setup
is a trial Enterprise license of varying size and duration
Sales trial License
- Disables alerts, authentication, clustering distributed search summarization and forwarding to non splunk servers.
- Allows 500 MB/day of indexing and forwarding to other splunk instances.
Free License
- Set the server up as a heavy forwarder
- Applies to non indexing forwarders
- Allows authentication but not indexing
Forwarder License
Allow licenses to be subdivided and assigned to a group of indexers
Pools
