° Indexes: An Index is essentially a datastore. Under the covers, it
is simply a set of directories, created and managed by Splunk. For
small installations, a single index is usually acceptable. For larger
installations, using multiple indexes allows flexibility in security,
retention, and performance tuning, and better use of hardware.
We will discuss this further in Chapter 10, Configuring Splunk.
Deployment: The two options here relate to distributed deployments
(we will cover these options in detail in Chapter 11, Advanced Deployments):
° Distributed Search: Any Splunk instance running searches can
utilize itself and other Splunk instances to retrieve results. This
interface allows you to configure access to other Splunk instances.
° Deployment: Splunk includes a deployment server component to
aid in distributing configurations to the many instances that can be
involved in a distributed installation. There is no need to use the
deployment server, particularly if you already have something to
manage configurations.
Users and authentication: This section provides authentication controls
and an account link.
° Access controls: This section is for controlling how Splunk
authenticates users and what users are allowed to see and do.
We will discuss this further in Chapter 10, Configuring Splunk.
° Your account: We saw this earlier when we clicked on the name
of the user currently logged in on the top bar.
Summary
As you have seen in this chapter, the Splunk GUI provides a rich interface for
working with search results. We have really only scratched the surface and will
cover more elements as we use them in later chapters.
In the next chapter, we will dive into the nuts and bolts of how search works, so that
you can make efficient searches to populate the cool reports we will make in
Chapter 3, Tables, Charts, and Fields, and beyond.
 