From the course: Splunk Core Certified User (SPLK-1001) Cert Prep
Splunk index time process - Splunk Tutorial
Splunk index time process
So, in practice, the data that you want to analyze in Splunk would typically be sitting on a source host somewhere as raw data. And what you want to do is to take that data, index the data into Splunk so that it can be available for search and analysis. Now, the Splunk index time process is made up of the different phases that the data goes through to be available in Splunk for search and analysis. This process is broken down into three phases.

The first phase is the input phase, which is handled at the source of the data. And now what are the components that come into play? Remember we discussed different Splunk components. The first component here is the universal forwarder. We discussed the universal forwarder and we said the main role is just to get data from the source host and then send that data into Splunk for indexing. We also discussed the heavy forwarder as another type of forwarder. We said it has a little bit more added functionality because not only can it take the data…