Where do my Splunk settings go?

Where do my Splunk settings go?

In our previous article about apps, we saw that an app is a collection of config files with either general settings of your deployment or data-related settings (for example, extractions for Palo Alto firewall logs). To understand and to be able to troubleshoot...

How does Splunk deploy apps?

In our last article we went over the structure of what in Splunk terms is called an app. I personally think that a configuration bundle would be a better name, but hey: potato, potato 😉 Depending on the circumstances, apps are deployed in a certain way. Manual deployment...

What is a Splunk app?

Let me confess something to all of you reading this article: Splunk apps and data models (which will be covered in a later article) have been two of the most complicated concepts for me to grasp in the Splunk world. Hopefully after I explain it to you, you will understand...

Splunk: the bigger picture

We have been dealing with some parts of data ingestion in Splunk. Now it’s time to put everything we have discussed so far into more of a helicopter view. Inputs.conf, indexes.conf and outputs.conf: There are three files on this diagram that we have not discussed yet....

What are Splunk forwarders?

In the article about roles, we covered a decent number of different roles. But up until now we have not yet seen who is responsible for getting the data to the indexers. Here is where forwarders come in. Universal Forwarder (UF): The Splunk Universal Forwarder is a very...

What are Splunk’s server roles?

In a distributed environment we will no longer have all functions performed by the same server. Each server will be designated one or more roles. These roles are also important from a monitoring perspective. As we will see in a later article, Splunk’s Monitoring...