1
Q
Add Data: Monitor option
A
Monitor files, directories, HTTP events, TCP/UDP, Scripts
2
Q
Add Data: Forward option
A
Receive data from external forwarders
3
Q
App context
A
Tells splunk which app to apply source type to.
4
Q
Reasons to have separate indexes
A
Faster searches (narrower searches)
Limit access by user role
Set different retention policies
5
Q
Main input source
A
Forwarders
Splunk Fundamentals 1
flashcards
Decks in class (14)
# Cards
-
Module 1: Machine Data3
-
Module 2: What is Splunk?13
-
Module 3: Installing Splunk6
-
Module 4: Getting Data In5
-
Module 5: Basic Searching18
-
Module 6: Using Fields8
-
Module 7: Best Practices5
-
Module 8: SPL Fundamentals16
-
Module 9: Transforming Commands11
-
Module 10: Reports and Dashboards6
-
Module 11: Pivots and Datasets6
-
Module 12: Lookups8
-
Module 13: Scheduled Reports and Alerts9
-
RFI4
