Which optional configuration setting in inputs .conf allows you to selectively forward the data to specific indexer(s)?
Which of the following types of data count against the license daily quota?
In inputs. conf, which stanza would mean Splunk was only reading one local file?
Search heads in a company's European offices need to be able to search data in their New York offices. They also need to restrict access to certain indexers. What should be configured to allow this type of action?
User role inheritance allows what to be inherited from the parent role? (select all that apply)
A security team needs to ingest a static file for a specific incident. The log file has not been collected previously and future updates to the file must not be indexed.
Which command would meet these needs?
An index stores its data in buckets. Which default directories does Splunk use to store buckets? (Choose all that apply.)
Which of the following apply to how distributed search works? (select all that apply)
Which Splunk component(s) would break a stream of syslog inputs into individual events? (select all that apply)
Which option accurately describes the purpose of the HTTP Event Collector (HEC)?
When using license pools, volume allocations apply to which Splunk components?
When configuring HTTP Event Collector (HEC) input, how would one ensure the events have been indexed?
Which of the following must be done to define user permissions when integrating Splunk with LDAP?
What hardware attribute would need to be changed to increase the number of simultaneous searches (ad-hoc and scheduled) on a single search head?
Which network input option provides durable file-system buffering of data to mitigate data loss due to network outages and splunkd restarts?
Which of the following configuration files are used with a universal forwarder? (Choose all that apply.)
Load balancing on a Universal Forwarder is not scaling correctly. The forwarder's outputs. and the tcpout stanza are setup correctly. What else could be the cause of this scaling issue? (select all that apply)
What will the following inputs. conf stanza do?
[script://myscript . sh]
Interval=0
What event-processing pipelines are used to process data for indexing? (select all that apply)
Syslog files are being monitored on a Heavy Forwarder.
Where would the appropriate TRANSFORMS setting be deployed to reroute logs based on the event message?
When configuring monitor inputs with whitelists or blacklists, what is the supported method of filtering the lists?
A configuration file in a deployed app needs to be directly edited. Which steps would ensure a successful deployment to clients?
After configuring a universal forwarder to communicate with an indexer, which index can be checked via the Splunk Web UI for a successful connection?
Which of the following are required when defining an index in indexes. conf? (select all that apply)
Consider the following stanza ininputs.conf:
What will the value of the source filed be for events generated by this scripts input?
The volume of data from collecting log files from 50 Linux servers and 200 Windows servers will require
multiple indexers. Following best practices, which types of Splunk component instances are needed?
Which of the following are reasons to create separate indexes? (Choose all that apply.)
A Universal Forwarder is collecting two separate sources of data (A,B). Source A is being routed through a Heavy Forwarder and then to an indexer. Source B is being routed directly to the indexer. Both sets of data require the masking of raw text strings before being written to disk. What does the administrator need to do to
ensure that the masking takes place successfully?
What type of Splunk license is pre-selected in a brand new Splunk installation?
Which Splunk component would one use to perform line breaking prior to indexing?
The CLI command splunk add forward-server indexer:
which configuration file?
Consider a company with a Splunk distributed environment in production. The Compliance Department wants to start using Splunk; however, they want to ensure that no one can see their reports or any other knowledge objects. Which Splunk Component can be added to implement this policy for the new team?
Within props. conf, which stanzas are valid for data modification? (select all that apply)
Which default Splunk role could be assigned to provide users with the following capabilities?
Create saved searches
Edit shared objects and alerts
Not allowed to create custom roles
Which of the following statements accurately describes using SSL to secure the feed from a forwarder?
Which authentication methods are natively supported within Splunk Enterprise? (select all that apply)
The Splunk administrator wants to ensure data is distributed evenly amongst the indexers. To do this, he runs
the following search over the last 24 hours:
index=*
What field can the administrator check to see the data distribution?
Which of the following are supported configuration methods to add inputs on a forwarder? (select all that apply)
Which of the following enables compression for universal forwarders in outputs. conf ?
A)
B)
C)
D)