Splunk Enterprise — Q&A — 3

Table of Contents

1. Preface

2. Splunk Knowledge Objects

What are knowledge objects?

What are the 5 categories of knowledge objects?

What makes knowledge objects powerful tools for your Splunk deployment?

What are the responsibilities of a Knowledge Manager?

What type of search fields does Data Interpretation have?

How does Data Classification help?

How does Data Enrichment help?

How does Data Normalization help?

How do Data Models help?

3. Splunk Report and Dashboard Creation

Why would you want to save a report?

What should the organization do before saving reports?

Where can you access saved reports?

Who can view a report once it is created?

When setting Run As, which should you choose in order to prevent others from being able to see confidential data?

What do you use to schedule report runs at time intervals?

What different ways are you able to save reports for visual presentation in Content?

What data can be viewed as a chart?

After running a search and hovering over an item in the sidebar, what are the report options you can run?

What can charts be based on?

What are the different options to Save As a visualization report?

What is a Dashboard?

What options can you choose from when adding a New Panel?

4. Debrief



Dante E. Mata

Experienced Cyber Intelligence Analyst with a demonstrated history of working in the US Military and IT industry with a focus in Cyber Security.