SPLK-2002 V1

At which default interval does metrics.log generate a periodic report regarding license utilization?A . 10 secondsB . 30 secondsC . 60 secondsD . 300 secondsView AnswerAnswer: C Explanation: The default interval at which metrics.log generates a periodic report regarding license utilization is 60 seconds. This report contains information about the...

When planning a search head cluster, which of the following is true?A . All search heads must use the same operating system.B . All search heads must be members of the cluster (no standalone search heads).C . The search head captain must be assigned to the largest search head in...

Search dashboards in the Monitoring Console indicate that the distributed deployment is approaching its capacity. Which of the following options will provide the most search performance improvement?A . Replace the indexer storage to solid state drives (SSD).B . Add more search heads and redistribute users based on the search type.C...

Which of the following artifacts are included in a Splunk diag file? (Select all that apply.)A . OS settings.B . Internal logs.C . Customer data.D . Configuration files.View AnswerAnswer: B, D Explanation: The following artifacts are included in a Splunk diag file: Internal logs. These are the log files that...

In an existing Splunk environment, the new index buckets that are created each day are about half the size of the incoming data. Within each bucket, about 30% of the space is used for raw data and about 70% for index files. What additional information is needed to calculate the...

Which Splunk server role regulates the functioning of indexer cluster?A . IndexerB . DeployerC . Master NodeD . Monitoring ConsoleView AnswerAnswer: C Explanation: The master node is the Splunk server role that regulates the functioning of the indexer cluster. The master node coordinates the activities of the peer nodes, such...

A customer has installed a 500GB Enterprise license. They also purchased and installed a 300GB, no enforcement license on the same license master. How much data can the customer ingest before the search is locked out?A . 300GB. After this limit, the search is locked out.B . 500GB. After this...

Which of the following is a good practice for a search head cluster deployer?A . The deployer only distributes configurations to search head cluster members when they “phone home”.B . The deployer must be used to distribute non-replicable configurations to search head cluster members.C . The deployer must distribute configurations...

Which of the following statements describe licensing in a clustered Splunk deployment? (Select all that apply.)A . Free licenses do not support clustering.B . Replicated data does not count against licensing.C . Each cluster member requires its own clustering license.D . Cluster members must share the same license pool and...

Which of the following are client filters available in serverclass.conf? (Select all that apply.)A . DNS name.B . IP address.C . Splunk server role.D . Platform (machine type).View AnswerAnswer: A, B, D Explanation: The client filters available in serverclass.conf are DNS name, IP address, and platform (machine type). These filters...