Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

Splunk Enterprise/Cloud Administration > Module 11: Manipulating Raw Data > Flashcards

Module 11: Manipulating Raw Data Flashcards

1
Q

Why is it necessary to manipulate raw data?

A
  • Anonymise, mask or delete sensitive or unwanted information
  • Configure heavy forwarders or indexers to manipulate arriving data
  • Splunk cloud customers us a heavy forwarder
  • Two methods: SEDCMD like sed script or regex transform
  • Use stanza based on host, source, sourcetype to select events
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

How can you manipulate data with SEDCMD?

A 
•Configured through props.conf
•Anonymise with sed script
o	SEDCMD-
o	s/ / /flags
o	flags: g – global or a number
o	Applied to _raw only
•Replaced characters with sed script
o	SEDCMD- - y//string2/
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

How can you manipulate data with a regex transform?

A 
•Configured through props and transforms
•Transforms.conf
o	REGEX – a PERC regex
o	FORMAT – arrange event post change
o	DEST_KEY – applied to field e.g raw
•Props.conf
o	TRANSFORM-
o	Comma separated list of transforms
How well did you know this?
1
Not at all
2
3
4
5
Perfectly

Splunk Enterprise/Cloud Administration (12 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions