In a customer managed Splunk Enterprise environment, what is the endpoint URI used to collect data?
When Splunk is integrated with LDAP, which attribute can be changed in the Splunk UI for an LDAP user?
Which Splunk component distributes apps and certain other configuration updates to search head cluster members?
A Splunk administrator has been tasked with developing a retention strategy to have frequently accessed data sets on SSD storage and to have older, less frequently accessed data on slower NAS storage. They have set a mount point for the NAS. Which parameter do they need to modify to set the path for the older, less frequently accessed data in indexes.conf?
Which of the following applies only to Splunk index data integrity check?
When deploying apps, which attribute in the forwarder management interface determines the apps that clients install?
Given a forwarder with the following outputs.conf configuration:
[tcpout : mypartner]
Server = 145.188.183.184:9097
[tcpout : hfbank]
server = inputsl . mysplunkhfs . corp : 9997 , inputs2 . mysplunkhfs . corp : 9997
Which of the following is a true statement?
In which phase of the index time process does the license metering occur?
When running the command shown below, what is the default path in which deployment server. conf is created?
splunk set deploy-poll deployServer:port
What is the difference between the two wildcards ... and - for the monitor stanza in inputs, conf?
What is the name of the object that stores events inside of an index?
You update a props. conf file while Splunk is running. You do not restart Splunk and you run this command: splunk btoo1 props list —debug. What will the output be?
After an Enterprise Trial license expires, it will automatically convert to a Free license. How many days is an Enterprise Trial license valid before this conversion occurs?
Which optional configuration setting in inputs .conf allows you to selectively forward the data to specific indexer(s)?
When deploying apps on Universal Forwarders using the deployment server, what is the correct component and location of the app before it is deployed?
How is a remote monitor input distributed to forwarders?
Which of the following are supported options when configuring optional network inputs?
Which of the following enables compression for universal forwarders in outputs. conf ?
A)
B)
C)
D)
What type of data is counted against the Enterprise license at a fixed 150 bytes per event?
Which configuration files are used to transform raw data ingested by Splunk? (Choose all that apply.)
Which of the following statements accurately describes using SSL to secure the feed from a forwarder?
When would the following command be used?
In which Splunk configuration is the SEDCMD used?
Which Splunk component consolidates the individual results and prepares reports in a distributed environment?
All search-time field extractions should be specified on which Splunk component?
Who provides the Application Secret, Integration, and Secret keys, as well as the API Hostname when setting
up Duo for Multi-Factor Authentication in Splunk Enterprise?
Which Splunk component would one use to perform line breaking prior to indexing?
Which of the following are methods for adding inputs in Splunk? (select all that apply)
Which default Splunk role could be assigned to provide users with the following capabilities?
Create saved searches
Edit shared objects and alerts
Not allowed to create custom roles
A log file contains 193 days worth of timestamped events. Which monitor stanza would be used to collect data 45 days old and newer from that log file?
After configuring a universal forwarder to communicate with an indexer, which index can be checked via the Splunk Web UI for a successful connection?
What type of Splunk license is pre-selected in a brand new Splunk installation?
A Universal Forwarder is collecting two separate sources of data (A,B). Source A is being routed through a Heavy Forwarder and then to an indexer. Source B is being routed directly to the indexer. Both sets of data require the masking of raw text strings before being written to disk. What does the administrator need to do to
ensure that the masking takes place successfully?
Which feature in Splunk allows Event Breaking, Timestamp extractions, and any advanced configurations
found in props.conf to be validated all through the UI?
Which forwarder type can parse data prior to forwarding?
When working with an indexer cluster, what changes with the global precedence when comparing to a standalone deployment?
Syslog files are being monitored on a Heavy Forwarder.
Where would the appropriate TRANSFORMS setting be deployed to reroute logs based on the event message?
Which of the following are supported configuration methods to add inputs on a forwarder? (select all that apply)
After automatic load balancing is enabled on a forwarder, the time interval for switching indexers can be updated by using which of the following attributes?
Which parent directory contains the configuration files in Splunk?
What hardware attribute would need to be changed to increase the number of simultaneous searches (ad-hoc and scheduled) on a single search head?
A company moves to a distributed architecture to meet the growing demand for the use of Splunk. What parameter can be configured to enable automatic load balancing in the
Universal Forwarder to send data to the indexers?
A security team needs to ingest a static file for a specific incident. The log file has not been collected previously and future updates to the file must not be indexed.
Which command would meet these needs?
What are the values forhostandindexfor[stanza1]used by Splunk during index time, given the following configuration files?
The universal forwarder has which capabilities when sending data? (select all that apply)
Which of the methods listed below supports muti-factor authentication?
If an update is made to an attribute in inputs.conf on a universal forwarder, on which Splunk component
would the fishbucket need to be reset in order to reindex the data?
When configuring HTTP Event Collector (HEC) input, how would one ensure the events have been indexed?
Which of the following are required when defining an index in indexes. conf? (select all that apply)
What will the following inputs. conf stanza do?
[script://myscript . sh]
Interval=0
Which Splunk component(s) would break a stream of syslog inputs into individual events? (select all that apply)
UsingSEDCMDinprops.confallows raw data to be modified. With the given event below, which option will mask the first three digits of theAcctIDfield resulting output:[22/Oct/2018:15:50:21] VendorID=1234 Code=B AcctID=xxx5309
Event:
[22/Oct/2018:15:50:21] VendorID=1234 Code=B AcctID=xxx5309
Which of the following are available input methods when adding a file input in Splunk Web? (Choose all that
apply.)
Which is a valid stanza for a network input?