Here we will be adding all the possible list of splunk interview questions for admin & answers that can be asked by an interviewer in an interview.

List of splunk interview questions for admin:

1. How to setup SH, Indexer and HF separately?

SETUP HF:

log into Splunk Web as admin on the instance that will be forwarding data.
Click Settings > Forwarding and receiving.
At Configure forwarding, click Add new.
Enter the hostname or IP address for the receiving Splunk instance(s), along with the receiving port specified when the receiver was configured. For example, you might enter receivingserver.com:9997.
Click Save.
Restart Splunk Web.

Configure heavy forwarders to index and forward data

Use a heavy forwarder to receive, parse and forward the data to another indexer.

Log into Splunk Web as admin on the instance that will be forwarding data.
Click Settings > Forwarding and receiving.
Select Forwarding defaults.
Select Yes to store and maintain a local copy of the indexed data on the forwarder.

SETUP SEARCH HEAD:

Login to splunk Web
Setting>distributed search>search peer>add new
Input Peer URI <Index ip>:<nmanagement port>
Remote username
Password
Click save
Saved please check again same path to see index added to Searchead and replication status is successful.

SETUP INDEXER: