4. Filtering, Modifying and Adding Fields – Taking search results and generating a summary for reporting.
5. Reporting Results – Filtering out some fields to focus on the ones you need, or modifying or adding fields to enrich your results or events.
Question: What Happens If The License Master Is Unreachable?
If the license master is unreachable, it is not possible to search the data. However, the data coming in to the Indexer will not be affected. The data will continue to flow into your Splunk deployment.
The Indexers will continue to index the data as usual; however, you will get a warning message at the top of your Search head or web UI saying that you have exceeded the indexing volume.
You then either need to reduce the amount of data coming in or buy a higher-capacity license. Basically, the candidate is expected to answer that the indexing does not stop; only searching is halted.
Question: What are common port numbers used by Splunk?
Common port numbers on which default services run are:
Service – Port Number
Splunk Management Port – 8089
Splunk Index Replication Port – 8080
KV store – 8191
Splunk Web Port – 8000
Splunk Indexing Port – 9997
Splunk network port – 514
Question: What Are Splunk Buckets? Explain The Bucket Lifecycle.
A directory that contains indexed data is known as a Splunk bucket. It also contains events of a certain period. The bucket lifecycle includes the following stages: