1. Main Functions of Splunk Enterprise

  • Index Data
    • Collects data from any source
    • Index = factory
    • Data = raw materials
    • Splunk inspects the data and labels it with a source type
    • breaks the data into single events
    • timestamps are identified and normalized to a consistent format
    • events are then stored in the Splunk index, where they can be searched
  • Search and Investigate
    • By entering a query into the Splunk search bar
    • you can find events that contain values across multiple data sources
    • allowing you to analyze and run statistics on the events using Splunk search language
  • Add Knowledge
    • referred to as knowledge objects
    • allow you to affect how your data is interpreted
    • gives it classification
    • add enrichment
    • normalize it
    • save reports for future use
  • Monitor and Alert
    • Splunk can proactively monitor your infrastructure in real time
    • to identify issues, problems and attacks
    • before they impact your customers and services
    • You can create alerts to monitor for specific conditions and automatically respond with a variety of actions
  • Report and Analyze
    • Splunk allows you to collect reports and visualizations into dashboards
    • empowering groups in your organization by giving them the information they need
    • organized into a single pane
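A toy model of the "Index Data" and "Search and Investigate" steps above, added here as an illustration (not Splunk code): two constructed log sources are labelled with a source type, broken into events, given a normalized timestamp, stored in an in-memory index, then searched for one value across both sources. The source type rules, file paths and sample lines are assumptions, not Splunk's built-in definitions.

```python
import re
from datetime import datetime, timezone

# Constructed sample data: a syslog-style auth log and an Apache-style access log.
RAW_SOURCES = {
    "/var/log/auth.log": (
        "Jan 12 10:15:03 host1 sshd[412]: Failed password for root from 203.0.113.7\n"
        "Jan 12 10:15:09 host1 sshd[412]: Accepted password for alice from 198.51.100.4\n"
    ),
    "/var/log/apache/access.log": (
        '203.0.113.7 - - [12/Jan/2024:10:16:01 +0000] "GET /admin HTTP/1.1" 403 199\n'
        '198.51.100.4 - - [12/Jan/2024:10:16:05 +0000] "GET / HTTP/1.1" 200 512\n'
    ),
}

# Assumed source type rules: (sourcetype, timestamp regex, strptime format).
SOURCETYPES = [
    ("syslog", r"^(\w{3} +\d+ \d\d:\d\d:\d\d)", "%b %d %H:%M:%S"),
    ("access_combined", r"\[(\d\d/\w{3}/\d{4}:\d\d:\d\d:\d\d [+-]\d{4})\]", "%d/%b/%Y:%H:%M:%S %z"),
]

def index_source(source, raw, year=2024):
    """Label each line, break it into one event, normalize its timestamp to epoch seconds."""
    events = []
    for line in raw.splitlines():  # one line = one event for these two formats
        for sourcetype, ts_re, fmt in SOURCETYPES:
            m = re.search(ts_re, line)
            if m:
                ts = datetime.strptime(m.group(1), fmt)
                if ts.tzinfo is None:  # syslog carries no year or zone: assume given year, UTC
                    ts = ts.replace(year=year, tzinfo=timezone.utc)
                events.append({"_time": int(ts.timestamp()), "source": source,
                               "sourcetype": sourcetype, "_raw": line})
                break
    return events

def build_index(sources):
    """The 'factory': every source goes through the same pipeline into one index."""
    return [e for src, raw in sources.items() for e in index_source(src, raw)]

def search(index, term):
    """Free-text search: events containing the value, across all sources, in time order."""
    return sorted((e for e in index if term in e["_raw"]), key=lambda e: e["_time"])

def stats_count_by(events, field):
    """A minimal 'stats count by <field>' over the search results."""
    counts = {}
    for e in events:
        counts[e[field]] = counts.get(e[field], 0) + 1
    return counts
```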