What is different about Splunk?

Let's talk about what makes Splunk different.

Moment of Magic

What is Machine Data?

Logs are great, but not enough. Splunk can ingest every type of data; the Splunk people call it Machine Data. Every event needs four fields: source, source_type, timestamp, and raw.

Modify your query and search again.

What do we mean by parsing a log?

In Splunk, parsing a log means extracting fields, renaming them, categorizing them, and enriching them through lookups.
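As an added illustration (not code from the original post), here is a small Python model of the two ideas above: an event that carries the four mandatory fields, and a parse step that extracts, renames, categorizes and looks up. The sample sshd line, the asset lookup table and the output field names are constructed assumptions.

```python
import re
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Constructed sample: one sshd line as a syslog forwarder would deliver it
SAMPLE_RAW = ("Mar 10 14:22:01 bastion01 sshd[2310]: Failed password for "
              "invalid user admin from 203.0.113.45 port 51022 ssh2")

# Constructed lookup table (hypothetical), like a CSV lookup keyed on src_ip
ASSET_LOOKUP = {"203.0.113.45": {"owner": "unknown", "zone": "internet"}}

@dataclass
class Event:
    """The four fields every ingested entry must carry, plus parsed fields."""
    source: str
    source_type: str
    timestamp: datetime
    raw: str
    fields: dict = field(default_factory=dict)

def ingest(raw, source, source_type, year=2016):
    """Build the four mandatory fields; the syslog timestamp has no year, so one is supplied."""
    m = re.match(r"(\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2})", raw)
    if not m:
        raise ValueError("no syslog timestamp at start of line")
    ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
    return Event(source, source_type, ts.replace(tzinfo=timezone.utc), raw)

SSH_FAIL = re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) "
                      r"from (?P<src>\S+) port (?P<port>\d+)")

def parse(event):
    """The parsing steps from the text: extract, rename, categorize, look up."""
    m = SSH_FAIL.search(event.raw)
    if not m:
        return event                          # unknown format: keep raw only
    f = m.groupdict()                         # 1. extract fields from raw
    f["src_ip"] = f.pop("src")                # 2. rename to normalized names
    f["src_port"] = int(f.pop("port"))
    f["action"] = "failure"                   # 3. categorize the event
    f["signature"] = ("ssh_invalid_user" if "invalid user" in event.raw
                      else "ssh_bad_password")
    # 4. lookup: enrich from the asset table, defaulting when the key is absent
    f.update(ASSET_LOOKUP.get(f["src_ip"], {"owner": "unknown", "zone": "unknown"}))
    event.fields = f
    return event
```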

Ordinary SIEM products

There are many SIEM vendors, some of them dating back 15 years.

HPE ArcSight

IBM QRadar

Author: Benjamin Tan, category: siem, tags: splunk, published: 2016-08-23 00:00:00 +0000.
Reproduction must credit the original source and author with a hyperlink and retain the copyright notice.