Consider a use case involving firewall data. There is no Splunk-supported Technical Add-On, but the vendor has built one. What are the items that must be evaluated before installing the add-on? (Select all that apply.)
Consider a use case involving firewall data. There is no Splunk-supported Technical Add-On, but the vendor has built one. What are the items that must be evaluated before installing the add-on? (Select all that apply.)
Before installing a vendor-built Technical Add-On (TA) for firewall data, it is crucial to validate if the TA enables event data for a data model and verify if it needs to be installed onto both a search head or indexer. Enabling event data for a data model ensures that the TA can integrate properly with data models used in Splunk, facilitating data normalization and allowing for more efficient searches and analyses. Verifying the installation requirements is essential because the correct placement of the TA (whether on a search head, indexer, or both) ensures it functions properly within the Splunk infrastructure. Identifying the number of scheduled or real-time searches and the maximum number of forwarders a TA can support are less critical in this context.
A B D - there is no "maximum" amount of forwarders a TA can support.
I can't find any mention of needing any of A, B, or C. Why would I care how many searches there might be or the data model?
The answer is A C D
answers ABD seems correct!!!
A. Identify number of scheduled or real-time searches. B. Validate if this Technical Add-On enables event data for a data model. D. Verify if Technical Add-On needs to be installed onto both a search head or indexer. Before installing a Technical Add-On for firewall data, it is important to evaluate several factors to ensure that the add-on will function correctly and integrate with the organization's existing infrastructure. Some key items that should be evaluated include the number of scheduled or real-time searches that will be performed using the add-on, whether the add-on enables event data for a data model, and whether the add-on needs to be installed onto both a search head or indexer. C, identifying the maximum number of forwarders Technical Add-On can support, may also be important depending on the size and scale of the organization's deployment, but it is not as critical as the other factors mentioned.
Any reference for this?
ABD is the answer
Do you have a reference for this?
B, D. TA should not have dashboards or SC or searchs.
Correct: A - Identify number of scheduled or real-time searches. B - Validate if this Technical Add-On enables event data for a data model. Incorrect: C - The number of forwarders that the TA can support is not relevant, as the TA is installed on the indexer or search head, not on the forwarder. D - The installation location of the TA depends on the type of data and the use case, so it is not a fixed requirement