Which Splunk forwarder type allows parsing of data before forwarding to an indexer?
When working with an indexer cluster, what changes with the global precedence when comparing to a standalone deployment?
What type of data is counted against the Enterprise license at a fixed 150 bytes per event?
After an Enterprise Trial license expires, it will automatically convert to a Free license. How many days is an Enterprise Trial license valid before this conversion occurs?
Which authentication methods are natively supported within Splunk Enterprise? (select all that apply)
Which feature in Splunk allows Event Breaking, Timestamp extractions, and any advanced configurations
found in props.conf to be validated all through the UI?
When using a directory monitor input, specific source types can be selectively overridden using which configuration file?
Using the CLI on the forwarder, how could the current forwarder to indexer configuration be viewed?
How would you configure your distsearch conf to allow you to run the search below? sourcetype=access_combined status=200 action=purchase splunk_setver_group=HOUSTON
A)
B)
C)
D)
What will the following inputs. conf stanza do?
[script://myscript . sh]
Interval=0
If an update is made to an attribute in inputs.conf on a universal forwarder, on which Splunk component
would the fishbucket need to be reset in order to reindex the data?
An index stores its data in buckets. Which default directories does Splunk use to store buckets? (Choose all that apply.)
Which Splunk component would one use to perform line breaking prior to indexing?
Consider a company with a Splunk distributed environment in production. The Compliance Department wants to start using Splunk; however, they want to ensure that no one can see their reports or any other knowledge objects. Which Splunk Component can be added to implement this policy for the new team?
In case of a conflict between a whitelist and a blacklist input setting, which one is used?
Which of the following configuration files are used with a universal forwarder? (Choose all that apply.)
Which configuration files are used to transform raw data ingested by Splunk? (Choose all that apply.)
The volume of data from collecting log files from 50 Linux servers and 200 Windows servers will require
multiple indexers. Following best practices, which types of Splunk component instances are needed?
In addition to single, non-clustered Splunk instances, what else can the deployment server push apps to?
The CLI command splunk add forward-server indexer:
which configuration file?
Which of the following are available input methods when adding a file input in Splunk Web? (Choose all that
apply.)
When deploying apps on Universal Forwarders using the deployment server, what is the correct component and location of the app before it is deployed?
Which of the following is the use case for the deployment server feature of Splunk?
Where can scripts for scripted inputs reside on the host file system? (select all that apply)
Which of the following methods will connect a deployment client to a deployment server? (select all that apply)
Which of the following enables compression for universal forwarders in outputs. conf ?
A)
B)
C)
D)
Which of the following is an appropriate description of a deployment server in a non-cluster environment?
Syslog files are being monitored on a Heavy Forwarder.
Where would the appropriate TRANSFORMS setting be deployed to reroute logs based on the event message?
User role inheritance allows what to be inherited from the parent role? (select all that apply)
Which of the following are reasons to create separate indexes? (Choose all that apply.)
In a distributed environment, which Splunk component is used to distribute apps and configurations to the
other Splunk instances?