Which of the following server roles should be configured for a host which indexes its internal logs locally?
The Splunk Validated Architectures (SVAs) document provides a series of approved Splunk topologies. Which statement accurately describes how it should be used by a customer?
Where does the bloomfilter reside?
When utilizing a subsearch within a Splunk SPL search query, which of the following statements is accurate?
The data in Splunk is now subject to auditing and compliance controls. A customer would like to ensure that at least one year of logs are retained for both Windows and Firewall events. What data retention controls must be configured?
Consider the scenario where the /var/log directory contains the files secure, messages, cron, audit. A customer has created the following inputs.conf stanzas in the same Splunk app in order to attempt to monitor the files secure and messages:
Which file(s) will actually be actively monitored?
Which command is most efficient in finding the pass4SymmKey of an index cluster?