Splunk Data Source

The source of the data can be event logs, web logs, live application logs, network feeds, system metrics, change monitoring, message queues, archive files, and so on.

In general, data sources are grouped into the following categories.

[Files and directories]
Most data that you might be interested in comes directly from files and directories.

[Network events]
The Splunk software can index remote data from any network port and SNMP events from remote devices.

[Windows sources]
The Windows version of Splunk software accepts a wide range of Windows-specific inputs, including Windows Event Log, Windows Registry, WMI, Active Directory, and Performance monitoring.

[Other sources]
Other input sources are supported, such as [FIFO queues], scripted inputs for getting data from [APIs], and other [remote data] interfaces.
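The four categories above map directly onto stanza types in Splunk's inputs.conf. The fragment below is an added example, not taken from this page or from Splunk's own documentation: the stanza types (monitor, tcp, udp, WinEventLog, perfmon, script, fifo) and the setting names are Splunk's real input types, while the file paths, index names, sourcetypes and the collector script are assumed placeholders chosen to show one input from each category.

```ini
# Files and directories: tail a single log file.
# Host authentication logs are usually the first input a detection team wants.
# (path, index and sourcetype are assumed example values)
[monitor:///var/log/auth.log]
index = os_linux
sourcetype = linux_secure
disabled = 0

# Files and directories: watch a whole directory, keeping only *.log files
[monitor:///var/log/nginx]
whitelist = \.log$
sourcetype = nginx:access
index = web

# Network events: accept syslog on TCP and UDP port 514.
# connection_host = dns resolves the sender's IP to a hostname for the host field.
[tcp://514]
sourcetype = syslog
connection_host = dns
index = network

[udp://514]
sourcetype = syslog
index = network

# Windows sources: only honoured by Splunk running on Windows.
# The Security channel holds logon and privilege-use events.
[WinEventLog://Security]
disabled = 0
index = os_windows
renderXml = true

# Windows sources: Performance monitoring, sampled every 10 seconds
[perfmon://CPU]
object = Processor
counters = % Processor Time
instances = *
interval = 10
index = metrics

# Other sources: a scripted input that polls an API every 300 seconds.
# (example_app and poll_api.sh are assumed names, not a real Splunk app)
[script://$SPLUNK_HOME/etc/apps/example_app/bin/poll_api.sh]
interval = 300
sourcetype = example:api
index = api

# Other sources: read events from a named pipe (FIFO queue)
[fifo:///var/run/example.fifo]
sourcetype = example:fifo
index = api
```

A file like this lives in `$SPLUNK_HOME/etc/system/local/inputs.conf` or in an app's `local` directory, and takes effect after a restart. Before restarting, `splunk btool inputs list --debug` shows the merged result of every inputs.conf on the instance and which file each setting came from, which is the quickest way to confirm that an expected log source is actually enabled and routed to the intended index.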

Events are stored in the index as a group of files that fall into two categories:

Raw data, which is the data that you add to the Splunk deployment. The raw data is stored in a compressed format.
Index files, which include some metadata files that point to the raw data.

These files reside in sets of directories, called buckets, that are organized by age.
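Where those buckets live, and how long each age band is kept, is set per index in indexes.conf. The fragment below is an added example rather than content from this page or from Splunk; the setting names are Splunk's own, while the index name, paths and retention values are assumed placeholders. It matters for a defender because the retention settings decide whether raw data is still on disk when an incident is investigated weeks later.

```ini
# (index name "security" and all paths/values below are assumed examples)
[security]

# Hot buckets (still being written) and warm buckets (closed, recently rolled) share homePath.
homePath = $SPLUNK_DB/security/db

# Cold buckets are older but still searchable; a separate path lets them sit on cheaper storage.
coldPath = $SPLUNK_DB/security/colddb

# Archived (frozen) buckets that have been restored by hand are searched from thawedPath.
thawedPath = $SPLUNK_DB/security/thaweddb

# Each bucket directory under these paths holds the two file categories named above:
#   rawdata/journal.gz   the compressed raw events
#   *.tsidx              the index files pointing back into the raw data

# Retention: a bucket whose newest event is older than 90 days (7776000 s) is frozen.
frozenTimePeriodInSecs = 7776000

# Without coldToFrozenDir, freezing means deletion. Setting it moves the bucket's raw data
# to an archive directory instead, so it can be thawed later for a forensic search.
coldToFrozenDir = /archive/splunk/security

# Bucket sizing: how many hot buckets may be open at once, how many warm buckets are kept
# before the oldest rolls to cold, and the target size per bucket.
maxHotBuckets = 3
maxWarmDBCount = 300
maxDataSize = auto_high_volume
```

The retention clock runs on event time, not on the time the data arrived, so a source that backfills old events can produce buckets that freeze almost immediately; checking `frozenTimePeriodInSecs` against the oldest timestamps a source actually emits avoids losing that data.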
