Splunk
Question: What is AWS Lambda in AWS DevOps?
AWS Lambda lets you run code without provisioning or managing servers. With Lambda, you can run code for virtually any type of application or backend service, all with zero administration.
Just upload your code and Lambda takes care of everything required to run and scale your code with high availability.
Splunk DevOps Interview Questions
Question: What is Splunk?
Splunk is a platform that gives you visibility into machine data generated by different networks, servers, devices, and hardware.
It can give insights into application management, threat visibility, compliance, security, etc., so it is used to analyze machine data. The data is collected by the forwarder at the source and forwarded to the indexer. The data is stored locally on a host machine or in the cloud. The search head then searches, visualizes, analyzes and performs various other functions on the data stored in the indexer.
Question: What Are The Components Of Splunk?
The main components of Splunk are Forwarders, Indexers and Search Heads. A Deployment Server (or Management Console Host) comes into the picture in the case of a larger environment.
Deployment servers act like an antivirus policy server for setting up exceptions and groups, so that you can map and create a different set of data collection policies for each of a Windows-based server, a Linux-based server or a Solaris-based server. Splunk has four important components:
Indexer – It indexes the machine data
Forwarder – Refers to Splunk instances that forward data to the remote indexers
Search Head – Provides a GUI for searching
Deployment Server – Manages the Splunk components like indexer, forwarder, and search head in the computing environment.
Question: What are alerts in Splunk?
An alert is an action that a saved search triggers at regular intervals set over a time range, based on the results of the search.
When an alert is triggered, various actions occur as a result. For instance, sending an email to a predefined list of people when a search is triggered.
Three types of alerts:
1. Per-result alerts: The most commonly used alert type; it runs in real time over an all-time span. These alerts are designed so that they are triggered whenever a search returns a result.
2. Scheduled alerts: The second most common type; scheduled alerts are set up to evaluate the results of a historical search running over a set time range on a regular schedule. You can define a time range, a schedule and the trigger condition for the alert.
3. Rolling-window alerts: These are a hybrid of per-result and scheduled alerts. Like the former, they are based on a real-time search, but they do not trigger each time the search returns a matching result. The alert examines all matching events in real time within the rolling window and triggers when the specified condition is met by the events in the window, just as a scheduled alert is triggered by a scheduled search.
Question: What Are The Categories Of SPL Commands?
SPL commands are divided into five categories:
1. Sorting Results – Ordering results and (optionally) limiting the number of results.
2. Filtering Results – Takes a set of events or results and filters them into a smaller set of results.
3. Grouping Results – Grouping events so you can see patterns.
4. Filtering, Modifying and Adding Fields – Taking search results and generating a summary for reporting.
5. Reporting Results – Filtering out some fields to focus on the ones you need, or modifying or adding fields to enrich your results or events.
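A worked configuration for the three alert types and the SPL command categories above, as an added example that is not from the original page: three savedsearches.conf stanzas (the file in which Splunk stores saved searches and their alert settings), one per alert type, where the scheduled stanza's search walks through the filtering, grouping, field-adding and sorting categories. The index, sourcetype, field names, thresholds and recipient address are constructed assumptions.

```ini
# Constructed example stanzas for savedsearches.conf (not the page's own content).
# index=auth, sourcetype=linux_secure, the action/user/src fields and soc@example.com
# are assumed sample values; adjust them to the data actually being indexed.

# Per-result alert: real-time search over all time, fires once per matching event.
[auth_failure_per_result]
search = index=auth sourcetype=linux_secure action=failure
dispatch.earliest_time = rt
dispatch.latest_time = rt
enableSched = 1
alert_type = always
alert.digest_mode = 0
alert.track = 1
action.email = 1
action.email.to = soc@example.com

# Scheduled alert: historical search over the previous hour, evaluated hourly.
# The search filters (search terms, where), groups (stats), adds a field (failures),
# sorts and limits (sort, head): the SPL categories listed above.
[auth_failure_scheduled]
search = index=auth sourcetype=linux_secure action=failure | stats count AS failures BY user, src | where failures > 20 | sort -failures | head 10
dispatch.earliest_time = -1h@h
dispatch.latest_time = @h
cron_schedule = 0 * * * *
enableSched = 1
alert_type = number of events
alert_comparator = greater than
alert_threshold = 0
alert.track = 1
action.email = 1
action.email.to = soc@example.com

# Rolling-window alert: real-time search over a sliding 5-minute window; fires only
# when more than 10 failures accumulate in the window, not on every single event.
[auth_failure_rolling_window]
search = index=auth sourcetype=linux_secure action=failure
dispatch.earliest_time = rt-5m
dispatch.latest_time = rt
enableSched = 1
alert_type = number of events
alert_comparator = greater than
alert_threshold = 10
alert.track = 1
action.email = 1
action.email.to = soc@example.com
```

Place the file under an app's local directory (for example `$SPLUNK_HOME/etc/apps/<app>/local/`) and restart or reload Splunk for the stanzas to take effect.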
Question: What Happens If The License Master Is Unreachable?
If the license master is unreachable, it is just not possible to search the data.
However, the data coming in to the Indexer will not be affected. The data will continue to flow into your Splunk deployment.
The Indexers will continue to index the data as usual; however, you will get a warning message at the top of your Search Head or web UI saying that you have exceeded the indexing volume.
You either need to reduce the amount of data coming in or you need to buy a higher-capacity license. Basically, the candidate is expected to answer that indexing does not stop; only searching is halted.