I am new user to Splunk and having difficulty understanding how to use it. I have some questions to start with. Please answer it, so that my use of Splunk can be easy
1) Does Splunk need to be installed on every server, whose log files are to be searched ?
2) If I install Splunk on my laptop, how do I specify files to be indexed and what fields to be indexed ? Is every file that need to be indexed, need to be specified in Splunk ?
3) If I have installed Splunk on 6 servers, how can I link all these instances for viewing ? eg I have installed Splunk on 3 servers and then I install it on 4th server, how do I add this 4th server in th UI to make it available for viewing ?
4) Do I need to specify which event to index from a file ?
Are all these things for a user OR Administrator OR developer ?
What language knowledge does a Splunk developer need ?
Does a Splunk Administrator need knowledge of operating system only OR does he need anything more than that ?
Thanks