Where are license files stored?
A. $SPLUNK_HOME/etc/secure
B. $SPLUNK_HOME/etc/system
C. $SPLUNK_HOME/etc/licenses
D. $SPLUNK_HOME/etc/apps/licenses
Answer: C
What other index must be cleaned to reset the input checkpoint information for that file?
Assume a file is being monitored and the data was incorrectly indexed to an exclusive index. The index is cleaned and now the data must be reindexed. What other index must be cleaned to reset the input checkpoint information for that file?
A. _audit
B. _checkpoint
C. _introspection
D. _thefishbucket
...
Which forwarder type can parse data prior to forwarding?
A. Universal forwarder
B. Heaviest forwarder
C. Hyper forwarder
D. Heavy forwarder
Answer: D
Explanation: https://docs.splunk.com/Documentation/Splunk/latest/Forwarding/Typesofforwarders
"A heavy forwarder parses data before forwarding it and can route data based on criteria such as source or type of event."
What hardware attribute would need to be changed to increase the number of simultaneous searches (ad-hoc and scheduled) on a single search head?
A. Disk
B. CPUs
C. Memory
D. Network interface cards
Answer: B
Explanation: https://docs.splunk.com/Documentation/Splunk/7.3.1/DistSearch/SHCarchitecture
Scroll down to the section titled "How the cluster handles concurrent search quotas": "Overall...
Which Splunk component consolidates the individual results and prepares reports in a distributed environment?
A. Indexers
B. Forwarder
C. Search head
D. Search peers
Answer: C
Explanation: https://docs.splunk.com/Documentation/Splunk/7.3.1/DistSearch/Howuserscancontroldistributedsearches
"From the user standpoint, specifying and running a distributed search is essentially the same as running any other search. Behind the...
Where can scripts for scripted inputs reside on the host file system? (select all that apply)
A. $SPLUNK_HOME/bin/scripts
B. $SPLUNK_HOME/etc/apps/bin
C. $SPLUNK_HOME/etc/system/bin
D. $SPLUNK_HOME/etc/apps/<your_app>/bin
Answer: ACD
Explanation: "Where to place the scripts for scripted inputs. The script that you refer to in $SCRIPT can reside in only one of the...
Which layers are involved in Splunk configuration file layering? (select all that apply)
A. App context
B. User context
C. Global context
D. Forwarder context
Answer: ABC
Explanation: https://docs.splunk.com/Documentation/Splunk/latest/Admin/Wheretofindtheconfigurationfiles
To determine the order of directories for evaluating configuration file precedence, Splunk software considers each file's context. Configuration files operate in...
Which value would fit best?
In this source definition the MAX_TIMESTAMP_LOOKAHEAD is missing. Event example: Which value would fit best?
A. MAX_TIMESTAMP_LOOKAHEAD = 5
B. MAX_TIMESTAMP_LOOKAHEAD = 10
C. MAX_TIMESTAMP_LOOKAHEAD = 20
D. MAX_TIMESTAMP_LOOKAHEAD = 30
Answer: D
Explanation: https://docs.splunk.com/Documentation/Splunk/6.2.0/Data/Configuretimestamprecognition
"Specify how far (how many characters) into an event Splunk software should look...
If an update is made to an attribute in inputs.conf on a universal forwarder, on which Splunk component would the fishbucket need to be reset in order to reindex the data?
A. Indexer
B. Forwarder
C. Search head
D. Deployment server
Answer: A
Explanation: https://www.splunk.com/en_us/blog/tips-and-tricks/what-is-this-fishbucket-thing.html
"Every Splunk instance has a...
What will the output be?
You update a props.conf file while Splunk is running. You do not restart Splunk and you run this command: splunk btool props list --debug. What will the output be?
A. list of all the configurations on-disk that Splunk contains.
B. A verbose list of all configurations as they were...