The Splunk Bible Flashcards
What is Splunk Free?
Splunk Free is the totally free version of Splunk software. The Free license lets
you index up to 500 MB per day and will never expire.
It has a few limitations.
What is *nix?
An operating system is said to be Unix-based or Unix-like if it’s designed to function and behave similar to the Unix operating system.
What is the Unix operating system?
UNIX is an operating system developed in the Bell Laboratories of AT&T and is an example a multi-tasking, multi-user operating system. It provides its users with: program development tools; electronic communications facilities, such as an electronic mail; text editors and text formatters. There are also many development tools available as standard within the UNIX operating system that other operating systems require as add-ons.
What are the differences between *nix and Windows in Splunk operations?
Paths:
An example of a *nix path:
/opt/splunk/bin/splunkd
An example of a Windows path:
C:\Program Files\Splunk\bin\splunkd.exe
Environment variables:
*nix:
# SPLUNK_HOME=/opt/splunk; export $SPLUNK_HOME
Windows:
> set SPLUNK_HOME=”C:\Program Files\Splunk”
> echo %SPLUNK_HOME%
C:\Program Files\Splunk
>
Configuration files: Splunk worsk with configuration files that use ASCII/UTF-8 character set encoding. When you edit configuration files on Windows, configure your test editor to write files with this encoding, as on some Windows versions, UTF-8 is not the default character set encoding.
What is UTF-8 and ASCII?
American Standard Code for Information Interchange - is a character encoding standard for electronic communication. ASCII codes represent text in computers, telecommunications equipment, and other devices. Most modern character-encoding schemes are based on ASCII, although they support many additional characters.
UTF-8 stands for “Unicode Transformation Format - 8 bits. and it is by far the most common encoding for the World Wide Web.
UTF-8 is backward compatible with ASCII.
What is character encoding?
Character encoding is used to represent a repertoire of characters by some kind of encoding system that assigns a number to each character for digital representation.
A character encoding tells the computer how to interpret raw zeroes and ones into real characters.
What is Unicode?
Unicode is a universal character encoding standard that assigns a code to every character and symbol in every language in the world. Since no other encoding standard supports all languages, Unicode is the only encoding standard that ensures that you can retrieve or combine data using any combination of languages.
How to set %SPLUNK_HOME% in two different ways?
Edit splunk-launch.conf in %SPLUNK_HOME%\etc.
or
Set the variable by accessing the “Environment Variables” window. Open
an Explorer window, and on the left pane, right-click “My Computer”, then
select “Properties” from the window that appears. Once the System
Properties window appears, select the “Advanced” tab, then click on the
“Environment Variables” button that appears along the bottom window of
the tab.
What are some considirations to ensure peak Splunk performance (when setting upt the splunk environment)
- Designate one or more machines solely for Splunk operations
- Dedicate fast disks for your Splunk indexes
- Don’t allow anti-virus programs to scan disks uset for splunk operations
- Use multiple indexes where possible
- Don’t store your indexes in the same physical disk or partitions as the OS
- Maintain disk availability, nadwitch and space on your Splunk indexes. Make sure that the fdisk values that have Splunk’s indexes maintain 20% or more free space at all time.
