Module 2 - Monitoring Splunk

Question 1

Content to monitor in MC

Answer 1

Search
Indexing
Resources
Forwarders
Instances

Question 2

Configure MC in standalone mode

Answer 2

Setting > general setup
Select mode: Standalone
Apply changes

Question 3

MC in Distributed Mode

Answer 3

Recommended on its own system
Same requirements as search head

Question 4

MC on shared instance

Answer 4

With License Manager
With deployment server (50< clients)
With indexer cluster Manager node

Question 5

Adding Splunk Instances to the MC

Answer 5

Repeat for each Search Head, Deployment Server, License Manager, and non-clustered Indexer

Settings > distributed search > Search peers > New peer >Save

DO NOT add clustered indexers

Question 6

MC Alerts

Answer 6

Disabled by default

Settings > Alert Setup

Question 7

MC Health Check

Answer 7

Series of ad hoc searches that run sequentially:
Monitoring Console > Health Check

Question 8

Splunk Assist

Answer 8

Cloud connected service
Insights in real time
Leverages Telemetry data

Question 9

Splunk diag

Answer 9

./splunk diag
Collects server specs: configure, os, file system and open current connections
Collect splunk platform data: Contents of SPLUNK_HOME/etc such as app configurations, Splunk log files, and index metadata

Creates tar.gz file and diag.log

Does not retrieve customer or index data

Question 10

Diagnostics in Splunk web

Answer 10

Instrumentation Settings > System > Instrumentation

RapidDiag - directly uploads to splunk support (Only Linux)