Mastering Splunk

By: James D. Miller

Location, location, location

You might think that the question of whether your data is local or remote is straightforward, but with Splunk, a few principles determine the answer. These include the following:

  • The operating system on which Splunk is installed

  • The kind of data that is directly connected to Splunk

  • Whether any authentication or other intermediate steps are needed to access the data that you want Splunk to index

  • The distance and size of the data being monitored

This is represented in the following diagram:

Generally speaking, if there are no intermediate steps between the data and Splunk, it's considered local. Examples of intermediate steps might be:

  • Attaching or connecting (for example, to a specific network disk or server)

  • Authenticating (for example, communicating through an established firewall)

  • Mapping a network drive or folder

This is represented in the following diagram:

Simply put, data is considered to be remote when something needs to occur before Splunk can...