Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

Splunk ES Admin > Lookups and Identity Management > Flashcards

Lookups and Identity Management Flashcards

1
Q

What is an example of an ES asset?

A
  • Server
  • Network Devices
  • Endpoints
  • Databases
  • Applications
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Which columns in the Assets lookup are used to identify an asset in an event?

A

ip, mac, dns, nt_host

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

How does Identity Matching work

A
  • ES takes a value from an event’s user, src_user, email, or src_email field and tries to match it to a value in the identities lookup in the following order
    1. Identity column (exact match)
    2.Email (exact match)
    3. Email (alias without domain)
    4. Any (disabled by default)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q
A
How well did you know this?
1
Not at all
2
3
4
5
Perfectly

Splunk ES Admin (11 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions