3 Months Free Update
Which network input option provides durable file-system buffering of data to mitigate data loss due to network outages and splunkd restarts?
A configuration file in a deployed app needs to be directly edited. Which steps would ensure a successful deployment to clients?
Which of the following are supported configuration methods to add inputs on a forwarder? (select all that apply)
Which default Splunk role could be assigned to provide users with the following capabilities?
Create saved searches
Edit shared objects and alerts
Not allowed to create custom roles
Which setting allows the configuration of Splunk to allow events to span over more than one line?
Which option accurately describes the purpose of the HTTP Event Collector (HEC)?
What is the correct example to redact a plain-text password from raw events?
Assume a file is being monitored and the data was incorrectly indexed to an exclusive index. The index is cleaned and now the data must be reindexed. What other index must be cleaned to reset the input checkpoint information for that file?
Which of the following monitor inputs stanza headers would match all of the following files?
/var/log/www1/secure.log
/var/log/www/secure.l
/var/log/www/logs/secure.logs
/var/log/www2/secure.log
What hardware attribute would need to be changed to increase the number of simultaneous searches (ad-hoc and scheduled) on a single search head?
What is an example of a proper configuration for CHARSET within props.conf?
A non-clustered Splunk environment has three indexers (A,B,C) and two search heads (X, Y). During a search executed on search head X, indexer A crashes. What is Splunk's response?
Which setting in indexes.conf allows data retention to be controlled by time?
The volume of data from collecting log files from 50 Linux servers and 200 Windows servers will require multiple indexers. Following best practices, which types of Splunk component instances are needed?
Which Splunk indexer operating system platform is supported when sending logs from a Windows universal forwarder?
Which of the following are reasons to create separate indexes? (Choose all that apply.)
After automatic load balancing is enabled on a forwarder, the time interval for switching indexers can be updated by using which of the following attributes?
When configuring monitor inputs with whitelists or blacklists, what is the supported method of filtering the lists?
What will the following inputs.conf stanza do?
[script://myscript.sh]
Interval=0
In case of a conflict between a whitelist and a blacklist input setting, which one is used?
Which of the following are supported options when configuring optional network inputs?
You update a props.conf file while Splunk is running. You do not restart Splunk and you run this command: splunk btool props list --debug. What will the output be?
In addition to single, non-clustered Splunk instances, what else can the deployment server push apps to?
Which of the following must be done to define user permissions when integrating Splunk with LDAP?
Which of the following is an appropriate description of a deployment server in a non-cluster environment?
Which Splunk component distributes apps and certain other configuration updates to search head cluster members?
A Universal Forwarder has the following active stanza in inputs.conf:
[monitor://var/log]
disabled = 0
host = 460352847
An event from this input has a timestamp of 10:55. What timezone will Splunk add to the event as part of indexing?
When deploying apps, which attribute in the forwarder management interface determines the apps that clients install?
What options are available when creating custom roles? (select all that apply)
How is data handled by Splunk during the input phase of the data ingestion process?
The following stanzas in inputs.conf are currently being used by a deployment client:
[udp://145.175.118.177:1001]
Connection_host = dns
sourcetype = syslog
Which of the following statements is true of data that is received via this input?