
Common Splunk Interview Questions

9. What if I don’t have a specific event? Can I create an alert?

Yes, you can create an alert, but it won’t get triggered.

10. What are the default fields for every event in Splunk?

They are host, source, source type, index and timestamp.


11. What is the difference between search-time and index-time field extraction?

Search-time field extraction refers to fields that are extracted while searches are performed.

Fields extracted at search time are not part of the metadata, so they do not consume disk space.

Index-time field extraction refers to fields that are extracted when the data arrives at the indexer.

Fields extracted at index time are part of the metadata and hence consume disk space.
