in Splunk Interview

Splunk Interview Questions for Admin

122 Views

splunk interview questions for admin
splunk interview questions for admin

Here we will be adding all the possible list of splunk interview questions for admin & answers that can be asked by an interviewer in an interview.

List of splunk interview questions for admin:

1. How to setup SH, Indexer and HF separately?

SETUP HF:

  • log into Splunk Web as admin on the instance that will be forwarding data.
  • Click Settings > Forwarding and receiving.
  • At Configure forwarding, click Add new.
  • Enter the hostname or IP address for the receiving Splunk instance(s), along with the receiving port specified when the receiver was configured. For example, you might enter receivingserver.com:9997.
  • Click Save.
  • Restart Splunk Web.

Configure heavy forwarders to index and forward data

Use a heavy forwarder to receive, parse and forward the data to another indexer.

  • Log into Splunk Web as admin on the instance that will be forwarding data.
  • Click Settings > Forwarding and receiving.
  • Select Forwarding defaults.
  • Select Yes to store and maintain a local copy of the indexed data on the forwarder.

SETUP SEARCH HEAD:

  • Login to splunk Web
  • Setting>distributed search>search peer>add new
  • Input Peer URI <Index ip>:<nmanagement port>
  • Remote username
  • Password
  • Click save
  • Saved please check again same path to see index added to Searchead and replication status is successful.

SETUP INDEXER:

Login instance

  • Go to settings>>forward and receiving

Configure receiving:

  • Click Add new
  • Input port and click Save

What do you think?

0 Points
Upvote Downvote

splunksplunk interview

Leave a Reply

Your email address will not be published. Required fields are marked *

GIPHY App Key not set. Please check settings

splunk interview questions for developer

Splunk Interview Questions for Developer
datamodel in splunk

Data Model in Splunk