Consider a use case involving firewall data. There is no Splunk-supported Technical Add-On, but the vendor has built one. What are the items that must be evaluated before installing the add-on? (Select all that apply.)
A.
Identify number of scheduled or real-time searches.
B.
Validate if this Technical Add-On enables event data for a data model.
C.
Identify the maximum number of forwarders Technical Add-On can support.
D.
Verify if Technical Add-On needs to be installed onto both a search head or indexer.
A: For the app to run as intended you might run into concurrency limits with the stock settings. B: you don't want a bunch of new *unexpected* data flowing into one of Splunks default data models. C doesn't make sense because like frappe mentioned the TA doesn't care how many forwarders are supported if it is built right - it is entirely infra dependent. D: Needs to be considered for if there are indexed field extractions or data masking expected
Correct:
A - Identify number of scheduled or real-time searches.
B - Validate if this Technical Add-On enables event data for a data model.
Incorrect:
C - The number of forwarders that the TA can support is not relevant, as the TA is installed on the indexer or search head, not on the forwarder.
D - The installation location of the TA depends on the type of data and the use case, so it is not a fixed requirement
A. Identify number of scheduled or real-time searches.
B. Validate if this Technical Add-On enables event data for a data model.
D. Verify if Technical Add-On needs to be installed onto both a search head or indexer.
Before installing a Technical Add-On for firewall data, it is important to evaluate several factors to ensure that the add-on will function correctly and integrate with the organization's existing infrastructure. Some key items that should be evaluated include the number of scheduled or real-time searches that will be performed using the add-on, whether the add-on enables event data for a data model, and whether the add-on needs to be installed onto both a search head or indexer.
C, identifying the maximum number of forwarders Technical Add-On can support, may also be important depending on the size and scale of the organization's deployment, but it is not as critical as the other factors mentioned.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
frappe
Highly Voted 1 year, 7 months agob5white
6 months, 3 weeks agoBob_Hob
1 week, 6 days agoadamsca
Most Recent 4 months, 3 weeks agoqtygbapjpesdayazko
8 months, 3 weeks agodeepali_2710
10 months agomarinatedcohort
3 months, 2 weeks agolzng3r
11 months, 2 weeks agomarinatedcohort
3 months, 2 weeks agodenominator
1 year, 2 months agojust4learn
1 year, 11 months ago