Consider a use case involving firewall data. There is no Splunk-supported Technical Add-On, but the vendor has built one. What are the items that must be evaluated before installing the add-on? (Select all that apply.)
A. Identify number of scheduled or real-time searches.
B. Validate if this Technical Add-On enables event data for a data model.
C. Identify the maximum number of forwarders Technical Add-On can support.
D. Verify if Technical Add-On needs to be installed onto both a search head or indexer.
A: For the app to run as intended, you might run into concurrency limits with the stock settings. B: You don't want a bunch of new *unexpected* data flowing into one of Splunk's default data models. C doesn't make sense because, like frappe mentioned, the TA doesn't care how many forwarders are supported if it is built right; it is entirely infra dependent. D: Needs to be considered if there are indexed field extractions or data masking expected.
Correct:
A - Identify number of scheduled or real-time searches.
B - Validate if this Technical Add-On enables event data for a data model.
Incorrect:
C - The number of forwarders that the TA can support is not relevant, as the TA is installed on the indexer or search head, not on the forwarder.
D - The installation location of the TA depends on the type of data and the use case, so it is not a fixed requirement.
A. Identify number of scheduled or real-time searches.
B. Validate if this Technical Add-On enables event data for a data model.
D. Verify if Technical Add-On needs to be installed onto both a search head or indexer.
Before installing a Technical Add-On for firewall data, it is important to evaluate several factors to ensure that the add-on will function correctly and integrate with the organization's existing infrastructure. Some key items that should be evaluated include the number of scheduled or real-time searches that will be performed using the add-on, whether the add-on enables event data for a data model, and whether the add-on needs to be installed onto both a search head or indexer.
C, identifying the maximum number of forwarders Technical Add-On can support, may also be important depending on the size and scale of the organization's deployment, but it is not as critical as the other factors mentioned.
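A pre-install review covering items A, B and D, as an added example that is not part of the original question or any comment: it reads a TA's `savedsearches.conf`, `tags.conf` and `props.conf` and reports scheduled and real-time searches, tags that feed a data model, and index-time versus search-time settings. The sample file contents and stanza names are constructed; the setting names are standard Splunk `.conf` settings, and the `network`/`communicate` tag pair is assumed from the Splunk CIM Network Traffic data model.

```python
import re

INDEX_TIME = ("TRANSFORMS-", "SEDCMD-")  # index-time extractions / masking (item D)
SEARCH_TIME = ("EXTRACT-", "REPORT-", "FIELDALIAS-", "EVAL-", "LOOKUP-")
CIM_NETWORK_TRAFFIC = {"network", "communicate"}  # assumed: tags the CIM Network Traffic model selects on

def parse_conf(text):
    """Parse Splunk .conf text into {stanza: {key: value}}; continuation lines are not handled."""
    stanzas, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#"):
            continue
        header = re.fullmatch(r"\[(.*)\]", line)
        if header:
            current = stanzas.setdefault(header.group(1), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return stanzas

def review_ta(files):
    """files maps a .conf file name to its text; returns findings for items A, B and D."""
    saved = parse_conf(files.get("savedsearches.conf", ""))
    tags = {stanza: sorted(k for k, v in kv.items() if v.lower() == "enabled")
            for stanza, kv in parse_conf(files.get("tags.conf", "")).items()}
    props = [k for kv in parse_conf(files.get("props.conf", "")).values() for k in kv]
    return {
        "scheduled": sorted(n for n, s in saved.items()
                            if s.get("enableSched", "0").lower() in ("1", "true")),
        "realtime": sorted(n for n, s in saved.items()
                           if s.get("dispatch.earliest_time", "").startswith("rt")),
        "tags": tags,
        "feeds_network_traffic": any(CIM_NETWORK_TRAFFIC <= set(t) for t in tags.values()),
        "index_time_settings": sorted(k for k in props if k.startswith(INDEX_TIME)),
        "search_time_settings": sorted(k for k in props if k.startswith(SEARCH_TIME)),
    }

# Constructed sample: three files from a hypothetical vendor firewall TA.
SAMPLE_TA = {
    "savedsearches.conf": "[FW - Lookup Gen]\nenableSched = 1\ncron_schedule = */5 * * * *\n"
                          "[FW - Live Denies]\nenableSched = 1\ndispatch.earliest_time = rt-5m\n"
                          "[FW - Ad hoc]\nsearch = index=fw action=denied\n",
    "tags.conf": "[eventtype=vendor_fw_traffic]\nnetwork = enabled\ncommunicate = enabled\n",
    "props.conf": "[vendor:firewall]\nSEDCMD-mask_user = s/user=\\S+/user=xxxx/g\n"
                  "EXTRACT-action = action=(?<action>\\w+)\n",
}

if __name__ == "__main__":
    for item, finding in review_ta(SAMPLE_TA).items():
        print(f"{item}: {finding}")
```

A non-empty `index_time_settings` list means the TA has to be present where parsing happens, while `search_time_settings` and `tags` only take effect on the search head.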