9. What if I don't have a specific event, can I still create an alert?
Yes, you can create an alert, but it won't get triggered.
10. What are the default fields for every event in Splunk?
They are host, source, sourcetype, index and timestamp.
11. What is the difference between search-time and index-time field extractions?
Search-time field extraction refers to fields extracted while a search is being performed.
Fields extracted at search time are not part of the metadata, so they do not consume disk space.
Fields extracted when the data arrives at the indexer are referred to as index-time field extraction.
Fields extracted at index time are part of the metadata and hence consume disk space.
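The following configuration is an added example, not taken from the page above; it shows the two extraction styles side by side for a constructed log line such as `2024-01-01 12:00:00 login user=alice src=10.0.0.5`. The sourcetype name `app_log`, the field name `user`, the stanza names and the regex are all assumptions chosen for illustration; the setting names (`EXTRACT-`, `TRANSFORMS-`, `REGEX`, `FORMAT`, `WRITE_META`, `INDEXED`) are standard Splunk props.conf, transforms.conf and fields.conf settings.

```ini
# Constructed sample event handled by both variants below:
#   2024-01-01 12:00:00 login user=alice src=10.0.0.5

# ---------------------------------------------------------------
# Variant A: search-time extraction (props.conf only)
# The regex runs every time a search touches this sourcetype;
# nothing extra is written to the index, so no added disk usage.
# ---------------------------------------------------------------
# props.conf
[app_log]
# EXTRACT-<name>: named capture groups become search-time fields.
EXTRACT-user = user=(?<user>\w+)

# ---------------------------------------------------------------
# Variant B: index-time extraction (props.conf + transforms.conf
# + fields.conf). The indexer applies the transform as events
# arrive and stores user::alice as an indexed field, which is
# why this variant consumes disk space.
# ---------------------------------------------------------------
# props.conf
[app_log]
# TRANSFORMS-<name> points at a stanza in transforms.conf.
TRANSFORMS-user_indexed = app_log_user

# transforms.conf
[app_log_user]
REGEX = user=(\w+)
# FORMAT of the form field::value plus WRITE_META = true writes
# the pair into the event's metadata at index time.
FORMAT = user::$1
WRITE_META = true

# fields.conf
[user]
# Tells search that "user" is an indexed field, so a search such as
# sourcetype=app_log user=alice can use the index instead of a regex.
INDEXED = true
```

Choose one variant for a given field, not both. Variant A also applies to data that was indexed before the setting existed, and the same regex can be tried ad hoc in a search with `| rex "user=(?<user>\w+)"` before committing it to props.conf. Variant B only affects events indexed after the configuration is deployed to the indexers; earlier data would have to be re-indexed, which is the usual reason to reserve index-time extraction for a small number of fields that are searched very frequently.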