When running the command shown below, what is the default path in which deployment server. conf is created?
When running the command shown below, what is the default path in which deployment server. conf is created? splunk set deploy-poll deployServer:portA . SFLUNK_HOME/etc/deploymentB . SPLUNK_HOME/etc/system/localC . SPLUNK_HOME/etc/system/defaultD . SPLUNK_KOME/etc/apps/deploymentView AnswerAnswer: C Explanation: https://docs.splunk.com/Documentation/Splunk/8.1.1/Updating/Definedeploymentclasses#Ways_to_define_server_classes "When you use forwarder management to create a new server class, it saves the server class...
Which of the following are required when defining an index in indexes. conf? (select all that apply)
Which of the following are required when defining an index in indexes. conf? (select all that apply)A . coldPathB . homePathC . frozenPathD . thawedPathView AnswerAnswer: ABD Explanation: homePath = $SPLUNK_DB/hatchdb/db coldPath = $SPLUNK_DB/hatchdb/colddb thawedPath = $SPLUNK_DB/hatchdb/thaweddb https://docs.splunk.com/Documentation/Splunk/latest/Admin/Indexesconf https://docs.splunk.com/Documentation/Splunk/7.3.1/Admin/Indexesconf#PER_INDEX_OPTIONS
In which Splunk configuration is the SEDCMD used?
In which Splunk configuration is the SEDCMD used?A . props, confB . inputs.confC . indexes.confD . transforms.confView AnswerAnswer: A Explanation: https://docs.splunk.com/Documentation/Splunk/8.0.5/Forwarding/Forwarddatatothird-partysystemsd "You can specify a SEDCMD configuration in props.conf to address data that contains characters that the third-party server cannot process. "
Which of the following authentication types requires scripting in Splunk?
Which of the following authentication types requires scripting in Splunk?A . ADFSB . LDAPC . SAMLD . RADIUSView AnswerAnswer: D Explanation: https://answers.splunk.com/answers/131127/scripted-authentication.html Scripted Authentication: An option for Splunk Enterprise authentication. You can use an authentication system that you have in place (such as PAM or RADIUS) by configuring authentication.conf to...
What are the minimum required settings when creating a network input in Splunk?
What are the minimum required settings when creating a network input in Splunk?A . Protocol, port numberB . Protocol, port, locationC . Protocol, username, portD . Protocol, IP. port numberView AnswerAnswer: A Explanation: https://docs.splunk.com/Documentation/Splunk/8.0.5/Admin/Inputsconf [tcp://<remote server>:<port>] *Configures the input to listen on a specific TCP network port. *If a <remote...
The priority of layered Splunk configuration files depends on the file's:
The priority of layered Splunk configuration files depends on the file's:A . OwnerB . WeightC . ContextD . Creation timeView AnswerAnswer: C Explanation: https://docs.splunk.com/Documentation/Splunk/7.3.0/Admin/Wheretofindtheconfigurationfiles "To determine the order of directories for evaluating configuration file precendence, Splunk software considers each file's context. Configuration files operate in either a global context or...
Which file is now monitored?
This file has been manually created on a universal forwarder A new Splunk admin comes in and connects the universal forwarders to a deployment server and deploys the same app with a new Which file is now monitored?A . /var/log/messagesB . /var/log/maillogC . /var/log/maillog and /var/log/messagesD . none of the...
Within props. conf, which stanzas are valid for data modification? (select all that apply)
Within props. conf, which stanzas are valid for data modification? (select all that apply)A . HostB . ServerC . SourceD . SourcetypeView AnswerAnswer: ACD Explanation: https://docs.splunk.com/Documentation/Splunk/8.0.4/Admin/Propsconf#props.conf.spec https://docs.splunk.com/Documentation/Splunk/8.1.1/Admin/Propsconf "* Reuse of the same field-extracting regular expression across multiple sources, source types, or hosts." https://docs.splunk.com/Documentation/Splunk/8.0.4/Admin/Propsconf#props.conf.spec
During search time, which directory of configuration files has the highest precedence?
During search time, which directory of configuration files has the highest precedence?A . $SFLUNK_KOME/etc/system/localB . $SPLUNK_KCME/etc/system/defaultC . $SPLUNK_HCME/etc/apps/app1/localD . $SPLUNK HCME/etc/users/admin/localView AnswerAnswer: D Explanation: Adding further clarity and quoting same Splunk reference URL from @giubal" "To keep configuration settings consistent across peer nodes, configuration files are managed from the cluster...
Within props. conf, which stanzas are valid for data modification? (select all that apply)
Within props. conf, which stanzas are valid for data modification? (select all that apply)A . HostB . ServerC . SourceD . SourcetypeView AnswerAnswer: ACD Explanation: https://docs.splunk.com/Documentation/Splunk/8.0.4/Admin/Propsconf#props.conf.spec https://docs.splunk.com/Documentation/Splunk/8.1.1/Admin/Propsconf "* Reuse of the same field-extracting regular expression across multiple sources, source types, or hosts." https://docs.splunk.com/Documentation/Splunk/8.0.4/Admin/Propsconf#props.conf.spec