Splunk Interview Questions

Before attending an interview on any technology, you need to know:

  • Which position are you targeting?
  • What level of experience are they expecting?
  • What is your long-term goal, and how is this technology going to help you achieve it?

Normally, the following types of people are interested in Splunk-related jobs:

  1. People who are interested in textual data analytics.
  2. People who are interested in big data technologies.
  3. People with Splunk administration experience.
  4. People with Splunk app development experience.

Before getting into the questions, it is better to list the set of technologies a candidate should know at each level.

As an interviewer, I am trying to list some important questions. They might look a bit difficult, but preparing for them will give you more confidence and a better hold on Splunk.

The interviewer normally starts with:

About Splunk

  1. What is Splunk?
  2. What is the concept behind Splunk, and how does it work internally?
  3. Why Splunk?
  4. Why Splunk for log analytics?
  5. Who are Splunk's competitors? How is Splunk better than them?
  6. How do you configure a local Splunk instance?

Architecture and Components of Splunk

  1. Explain the basic architecture.
  2. What are the components of Splunk?
  3. What is an indexer?
  4. What is a search head?
  5. What are forwarders, and what types are there?
  6. What are the general Splunk deployment topologies?
  7. Explain load balancing in Splunk. How does it work? Any idea about configuration techniques?
  8. What are the differences between heavy and universal forwarders?
  9. When do we need universal forwarders?
  10. When do we need heavy forwarders?
  11. What are the default ports used by Splunk processes?
  12. Explain Splunk's directory structure.
  13. Explain configuration file precedence.

Splunk Searching and Knowledge Objects

  1. What are the different ways to build a dashboard in Splunk?
  2. What are the types of commands used in Splunk SPL?
  3. What are macros? Why macros?
  4. What are lookups? Why lookups?
  5. What are saved searches? Why saved searches?
  6. What are data models? Why data models?
  7. What are tags? Why tags?
  8. How are event types helpful?
  9. How can we schedule an alert in Splunk? How can we control alerting in Splunk?
  10. How can mail be sent from queries?
  11. What are workflow actions?
  12. What are the ways to extract fields?
  13. What is search-time field extraction?
  14. What are the differences between search-time and index-time field extractions?
  15. What are reporting commands?
  16. What are generating commands?
  17. What are streaming commands?
  18. When is the multisearch command useful?
  19. What are the limitations of the join command?
  20. What are the uses of the REST API in Splunk?
  21. How do you configure alerts in Splunk?
  22. Can we send an alert mail using Splunk? What are the different ways to do that?
  23. Can we show Splunk dashboards in third-party web apps?
  24. What are time modifiers used for in Splunk?
  25. What is the _time field used for in Splunk?
  26. What is the time zone property used for in Splunk? When is it needed most?
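
The following search is an added example, not part of the original question list, tying together several of the questions above: search-time field extraction with rex (questions 12 to 14), a time modifier (question 24), a reporting command, and a threshold that makes the search usable as a scheduled alert (questions 9 and 21). The index name `web`, the sourcetype `myapp:access` and the log format are assumptions; the regex is written against constructed lines of the form `10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /login HTTP/1.1" 401 512`.

```spl
index=web sourcetype=myapp:access earliest=-15m
| rex field=_raw "^(?<src_ip>\d+\.\d+\.\d+\.\d+) \S+ \S+ \[[^\]]+\] \"(?<method>\w+) (?<uri_path>\S+) [^\"]*\" (?<status>\d{3}) (?<bytes>\d+|-)"
| eval status=tonumber(status)
| search status>=400
| stats count AS failed_requests dc(uri_path) AS distinct_paths values(status) AS status_codes BY src_ip
| where failed_requests > 50
| sort - failed_requests
```

Everything here happens at search time: nothing about the extraction is written into the index, so the pattern can be changed without re-indexing, which is the usual answer to question 14. Saving this search as an alert with a cron schedule of every 15 minutes (matching `earliest=-15m`) and triggering when the result count is greater than zero turns it into a simple detection for a single source address producing many failed requests. For a sourcetype Splunk already recognises, such as `access_combined`, these fields are extracted automatically and the rex stage is unnecessary.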

Basic Statistics

  1. What are measures of central tendency and measures of dispersion in statistics?
  2. How do you implement basic statistics on data using Splunk?
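
As an added example (not from the original page), this search answers the two questions above in one pass: the mean, median and mode are measures of central tendency, and the range, variance, standard deviation and 95th percentile are measures of dispersion, all computed by the stats command per URI path. The index name `web`, the sourcetype `myapp:access` and the `bytes` and `uri_path` fields are assumptions.

```spl
index=web sourcetype=myapp:access earliest=-24h
| stats count AS n
        avg(bytes) AS mean_bytes
        median(bytes) AS median_bytes
        mode(bytes) AS mode_bytes
        min(bytes) AS min_bytes
        max(bytes) AS max_bytes
        range(bytes) AS range_bytes
        var(bytes) AS var_bytes
        stdev(bytes) AS stdev_bytes
        perc95(bytes) AS p95_bytes
  BY uri_path
| eval cv=round(stdev_bytes/mean_bytes, 3)
| sort - stdev_bytes
```

The coefficient of variation `cv` (standard deviation divided by the mean) is added because it lets paths with very different typical response sizes be compared on the same scale. If the goal is to flag individual events rather than summarise them, swap `stats` for `eventstats`, which attaches `mean_bytes` and `stdev_bytes` to every event, and follow it with `where bytes > mean_bytes + 3*stdev_bytes`.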

Splunk Development

  1. How do you customize Splunk's Simple XML table contents?
  2. How can drilldowns be achieved using Splunk?
  3. What are tokens?
  4. How can tokens be accessed from JavaScript?
  5. How do you set a token based on a condition using Splunk Simple XML?
  6. How do you assign colors in a chart based on field names in Splunk?
  7. When should Splunk SDKs be used?
  8. Have you created a custom command in Splunk? How do you create one?
  9. Have you used any of Splunk's SDKs? Describe the use case.

Questions will be updated on a daily basis. Keep visiting for new sets of questions 🙂