SPLK-1003

What are the minimum required settings when creating a network input in Splunk?A . Protocol, port numberB . Protocol, port, locationC . Protocol, username, portD . Protocol, IP, port numberView AnswerAnswer: A Explanation: Reference: https://docs.splunk.com/Documentation/Splunk/7.3.1/Data/UsetheHTTPEventCollector

Which Splunk component distributes apps and certain other configuration updates to search head cluster members?A . DeployerB . Cluster masterC . Deployment serverD . Search head cluster masterView AnswerAnswer: A Explanation: Reference: https://docs.splunk.com/Documentation/Splunk/7.3.1/DistSearch/PropagateSHCconfigurationchanges

Which optional configuration setting in inputs.conf allows you to selectively forward the data to specific indexer(s)?A . _TCP_ROUTINGB . _INDEXER_LISTC . _INDEXER_GROUPD . _INDEXER_ROUTINGView AnswerAnswer: A Explanation: Reference: https://docs.splunk.com/Documentation/Splunk/7.3.1/Data/Monitorfilesanddirectorieswithinputs.conf

Which setting in indexes.confallows data retention to be controlled by time?A . maxDaysToKeepB . moveToFrozenAfterC . maxDataRetentionTimeD . frozenTimePeriodInSecsView AnswerAnswer: D Explanation: Reference: https://docs.splunk.com/Documentation/Splunk/7.3.1/Indexer/SmartStoredataretention

Where should apps be located on the deployment server that the clients pull from?A . $SPLUNK_HOME/etc/appsB . $SPLUNK_HOME/etc/searchC . $SPLUNK_HOME/etc/master-appsD . $SPLUNK_HOME/etc/deployment-appsView AnswerAnswer: A Explanation: Reference: https://answers.splunk.com/answers/371099/how-to-configure-deployment-apps-to-push-to­client.html

When running the command shown below, what is the default path in which deploymentserver.confis created? splunk set deploy-poll deployServer:portA . SPLUNK_HOME/etc/deploymentB . SPLUNK_HOME/etc/system/localC . SPLUNK_HOME/etc/system/defaultD . SPLUNK_HOME/etc/apps/deploymentView AnswerAnswer: B Explanation: Reference: https://docs.splunk.com/Documentation/Splunk/7.3.1/Updating/Configuredeploymentclients

Within props.conf, which stanzas are valid for data modification? (Choose all that apply.)A . HostB . ServerC . SourceD . SourcetypeView AnswerAnswer: CD Explanation: Reference: https://answers.splunk.com/answers/3687/host-stanza-in-props-conf-not-being-honored-for­udp-514-data-sources.html

Within props.conf, which stanzas are valid for data modification? (Choose all that apply.)A . HostB . ServerC . SourceD . SourcetypeView AnswerAnswer: CD Explanation: Reference: https://answers.splunk.com/answers/3687/host-stanza-in-props-conf-not-being-honored-for­udp-514-data-sources.html

Within props.conf, which stanzas are valid for data modification? (Choose all that apply.)A . HostB . ServerC . SourceD . SourcetypeView AnswerAnswer: CD Explanation: Reference: https://answers.splunk.com/answers/3687/host-stanza-in-props-conf-not-being-honored-for­udp-514-data-sources.html

This file has been manually created on a universal forwarder: /opt/splunkforwarder/etc/apps/my_TA/local/inputs.conf [monitor:///var/log/messages] sourcetype=syslog index=syslog A new Splunk admin comes in and connects the universal forwarders to a deployment server and deploys the same app with a new inputs.conf file: /opt/splunk/etc/deployment-apps/my_TA/local/inputs.conf [monitor:///var/log/maillog] sourcetype=maillog index=syslog Which file is now monitored?A . /var/log/messagesB...