Why use only splunk?
What are the unique benefits of getting data into a splunk instance via forwarders?
How to exclude some events from being indexed by splunk?
Explain search factor (sf) & replication factor (rf)?
What is the difference between search time and index time field extractions?
What are the defaults fields for every event in splunk?
Explain how data ages in splunk?
Why is splunk used for analyzing machine data?
Explain ‘license violation’ from splunk perspective.
Explain the splunk architecture?
What is the use of license master in splunk?
Explain search factor (sf)?
Why use only splunk? Why can’t I go for something that is open source?
Differentiate between inputlookup & outputlookup commands.
What are the different options while setting up alerts?
