SPLK-2002 V1

Which Splunk Enterprise offering has its own license?A . Splunk Cloud ForwarderB . Splunk Heavy ForwarderC . Splunk Universal ForwarderD . Splunk Forwarder ManagementView AnswerAnswer: C Explanation: The Splunk Universal Forwarder is the only Splunk Enterprise offering that has its own license. The Splunk Universal Forwarder license allows the forwarder...

What log file would you search to verify if you suspect there is a problem interpreting a regular expression in a monitor stanza?A . btool.logB . metrics.logC . splunkd.logD . tailing_processor.logView AnswerAnswer: D Explanation: The tailing_processor.log file would be the best place to search if you suspect there is a...

Indexing is slow and real-time search results are delayed in a Splunk environment with two indexers and one search head. There is ample CPU and memory available on the indexers. Which of the following is most likely to improve indexing performance?A . Increase the maximum number of hot buckets in...

Which search will show all deployment client messages from the client (UF)?A . index=_audit component=DC* host=<ds> | stats count by messageB . index=_audit component=DC* host=<uf> | stats count by messageC . index=_internal component= DC* host=<uf> | stats count by messageD . index=_internal component=DS* host=<ds> | stats count by messageView AnswerAnswer:...

A customer plans to ingest 600 GB of data per day into Splunk. They will have six concurrent users, and they also want high data availability and high search performance. The customer is concerned about cost and wants to spend the minimum amount on the hardware for Splunk. How many...

When adding or rejoining a member to a search head cluster, the following error is displayed: Error pulling configurations from the search head cluster captain; consider performing a destructive configuration resync on this search head cluster member. What corrective action should be taken?A . Restart the search head.B . Run...

Splunk Enterprise platform instrumentation refers to data that the Splunk Enterprise deployment logs in the _introspection index. Which of the following logs are included in this index? (Select all that apply.)A . audit.logB . metrics.logC . disk_objects.logD . resource_usage.logView AnswerAnswer: C, D Explanation: The following logs are included in the...

In which phase of the Splunk Enterprise data pipeline are indexed extraction configurations processed?A . InputB . SearchC . ParsingD . IndexingView AnswerAnswer: D Explanation: Indexed extraction configurations are processed in the indexing phase of the Splunk Enterprise data pipeline. The data pipeline is the process that Splunk uses to...

A Splunk instance has the following settings in SPLUNK_HOME/etc/system/local/server.conf: [clustering] mode = master replication_factor = 2 pass4SymmKey = password123 Which of the following statements describe this Splunk instance? (Select all that apply.)A . This is a multi-site cluster.B . This cluster's search factor is 2.C . This Splunk instance needs...

Which CLI command converts a Splunk instance to a license slave?A . splunk add licensesB . splunk list licenser-slavesC . splunk edit licenser-localslaveD . splunk list licenser-localslaveView AnswerAnswer: C Explanation: The splunk edit licenser-localslave command is used to convert a Splunk instance to a license slave. This command will configure...