Common Splunk Interview Questions

14. What are some of the most important configuration files in Splunk?

The most important configuration files in Splunk are:

• props.conf
• indexes.conf
• inputs.conf
• transforms.conf
• server.conf

15. Name the common port numbers used by Splunk?

The common port numbers for Splunk are:

• Splunk Web Port: 8000
• Splunk Management Port: 8089
• Splunk Network port: 514
• Splunk Index Replication Port: 8080
• Splunk Indexing Port: 9997
• KV store: 8191

16. Name the components of Splunk architecture?

The Splunk architecture is made of the following components:

• Search Head – It provides GUI for searching
• Indexer – It indexes the machine data
• Forwarder – It forwards logs to the Indexer
• Deployment server – It manages the Splunk components in a distributed environment and distributes configuration apps.
• License master-it keeps the track of all the components license usage
• Deployer-The deployer is a Splunk Enterprise instance that you use to distribute apps and certain other configuration updates to search head cluster members

17. Name the types of search modes supported in Splunk?

Splunk supports three types of search modes:

• Fast mode: It increases the searching speed by limiting search data.
• Smart mode: It is a default setting in a Splunk app. Smart mode toggles the search behavior based on transforming commands.
• Verbose mode: This mode returns all possible fields and event data.