B. Splunk can search data in the Hadoop File System (HDFS).
C. You can use Splunk alerts to provision actions on a third-party system.
D. You can forward data from Splunk forwarder to a third-party system without indexing it first.
Unpopular answer I guess, but I'd say A and C.
A. Hadoop applications can search data in Splunk using the REST API at minimum
C. Alert actions can be used to trigger actions based on a query result
But not...
B. Splunk can't search data on HDFS without indexing it first.
D. I see other comments saying that there's a 3rd party tool that can receive data directly from a UF, but assume that this is talking about first-party architecture as designed (and, besides, they have a lawsuit open against Cribl :))
100% B,C,D
B. Splunk can search data in the Hadoop File System (HDFS). - Correct
C. You can use Splunk alerts to provision actions on a third-party system. - Correct: Systems such as Critical Start can utilize alerts to provision additional actions from within their system.
D. You can forward data from Splunk forwarder to a third-party system without indexing it first. - Correct: As mentioned, Cribl LogStream can ingest data directly from the UF, modify the streamed data, and then forward that data to the indexer(s).