4. What is deployment server/Deployer/ Cluster Master?
- A deployer is used to deploy apps to a search head cluster.
- A cluster master is used to deploy apps and manage replication within an indexer cluster (single or multi-site)
- A deployment server is used to deploy apps to forwarders (and technically could be used to deploy apps to other Splunk servers)
5. Can I index a zip file?
Yes You can Index the zip file.
6. Can I Index same file twice? How to identify duplicacy?
YES, you can index the same file twice
index=<indexname> | stats count values(host) values(source) values(sourcetype) values(index) by _raw | WHERE count>1
