Explain the difference between operational intelligence and business intelligence; define logging best practices and give at least one example

In your own words, answer the questions (Data mining with Splunk)

1. What is Splunk?

2. What is machine data?

3. Define Splunk’s key architecture components listed below:

Forwarder
Indexer
Search Head
License Server
Deployment Server
Syslog Server

4. Define 3 types of analytics:

5. Explain Splunk SPL Search:

6. Explain Splunk’s Core features:

Reports

Dashboards

Apps

Alerts

7. List / define the 5 v’s of big data and describe why it’s so important to understand them when implementing a Splunk Enterprise solution:

8. List and briefly describe 3 ways to get machine logs into Splunk:

9. True or False – Splunk can only be installed on Linux-based systems.

10. True or False – Splunk uses pre-defined schema and database tables on the back end Indexer.

11. True or False – Splunk Alerts can be created to monitor machine data in real time, alerting on an event as soon as it is logged by the host.

12. True or False – Raw data is easier for the human brain to comprehend than data visualizations.

13. True or False – Pattern recognition is a powerful feature built into Splunk.

14. Define logging best practices and give at least one example:

15. Explain the difference between operational intelligence and business intelligence:

16. How can Splunk be of assistance during a forensic investigation?

17. Define host, data source, and data source type:

18. What are data silos?

19. Give two examples on how Splunk can be used to detect cyber threats:

20. What is a needle in the haystack?

21. Extra Credit #1 Explain machine log noise and low hanging fruit:

22. Extra Credit #2 – When developing a Splunk use case, list at least 4 questions you should ask the solutions team:
