Splunk Enterprise — Q&A — 1

https://discord.com/invite/7g9PrxVcc4

Table of Contents

1. Preface

2. Why Splunk?

What is Splunk?

What are the main functions of Splunk Enterprise?

What is Index Data?

What is Search and Investigate?

What is Add Knowledge?

What is Monitor & Alert?

What is Report and Analyze?

3. Splunk in General

What are roles?

What are the 3 main roles and their description?

What two apps come by default with Splunk Enterprise?

What are the main components of the searching and reporting apps’ interface?

Where can you download apps?

4. Splunk Search

What can you type into the search bar to look for failed login attempts?

What can you do to narrow your search if responding to a recent alert?

What new options does the search interface gain after running a search command?

What does the Save As Menu do?

Explain in detail the search results tab.

What are transforming commands?

Explain the search action buttons.

How do you share a search job?

By default, how long will a search job remain active?

How long will a shared search job remain active for?

In what formats can you export search results?

Explain the 3 search modes.

Explain the timeline.

5. Debrief

Dante E. Mata
