Splunk is used for monitoring and searching through big data. It indexes and correlates information in a container that makes it searchable, and makes it possible to generate alerts, reports, and visualizations.
Four Stages of Splunk includes
- Accepts any text data as input
- Parses data into events (Consider as Rows of a DB Table)
- Stores events in indexes (Consider as DB Table)
- Searches and Reports
On the basis of the above capabilities, Splunk is divided into 3 Parts
Indexer receives the data from Forwarder and parses it into events based on data and index in Splunk. Before indexing, data goes into the license meter( to check the daily data limit to index). During indexing transformation of data also takes place and then store it into Splunk index
Search Head helps to search data on the index and provides visualization.
Splunk is highly scaleable where it has many indexers or forwarders and deployment servers. The below diagram shows the distributed environment of Splunk.
Splunk Enterprise includes the following software
Splunk Universal Forwarder
Splunk Universal Forwarder includes the following software
mm
0 comments:
Post a Comment