What are Splunk buckets? Explain the bucket lifecycle?
Explain the output lookup command?
How does Splunk avoid duplicate indexing of logs?
How does Splunk help the enterprise?
What is the difference between a Splunk app and a Splunk add-on?
What are the components of Splunk/Splunk architecture?
What is the difference between the stats and transaction commands?
What is the difference between the Splunk SDK and the Splunk framework?
What commands are included in the filtering results category?
What is the use of sort command?
What are the types of Splunk licenses?
How would you handle/troubleshoot a Splunk license violation warning error?
What happens if the license master is unreachable?
What commands are included in the grouping results category?
Explain data models and pivot?