5 Things Splunk Allows You to Do
- Index Data
- Search & Investigate
- Add Knowledge
- Monitor & Alert
- Report & Analyze
Splunk uses these 3 tool categories:
- Application Management
- Operations Management
- Security & Compliance
What does Splunk do? (the 3 a’s)
It allows you to aggregate, analyze, and get answers from machine data
True or False: Splunk allows you to index data from any source.
True
How is Splunk Enterprise deployed?
Components installed and administered on-premises.
How is Splunk Cloud deployed?
Splunk Enterprise as a scalable service. No infrastructure required.
What is Splunk Light?
Solution for small IT environments
What are Splunk apps? (hint: UC,FC,UP)
- Address a wide variety of use cases and to extend the power of Splunk.
- Collections of files containing data inputs, UI elements, and/or knowledge objects
- Allows multiple workspaces for different use cases/user roles to co-exist on a single Splunk instance
What is the functionality of user roles in Splunk?
They determine users’ capabilities and data access.
What are the 3 main roles out of the box?
- Admin
- Power
- User
True or False: Power users can create additional roles
False - only admins can do this
What does the Search & Reporting App do? (2 things)
- Provides a default interface for searching and analyzing.
2. Enables you to create knowledge objects, reports, and dashboards.
Data Summary Tab - Define “Host”
Unique identifier of where the events originated (host name, IP Address, etc.)
Data Summary Tab - Define “Source”
Name of the file, stream, or other input
Data Summary Tab - Define “Sourcetype”
Specific data type or data format
