Which of the following are methods for adding inputs in Splunk? (select all that apply)
A. CLI
B. Splunk Web
C. Editing inputs.conf
D. Editing monitor.conf
Answer: ABC
Explanation: https://docs.splunk.com/Documentation/Splunk/8.2.2/Data/Configureyourinputs Add your data to Splunk Enterprise. With Splunk Enterprise, you can add data using Splunk Web or Splunk...

Which setting in indexes.conf allows data retention to be controlled by time?
A. maxDaysToKeep
B. moveToFrozenAfter
C. maxDataRetentionTime
D. frozenTimePeriodInSecs
Answer: D
Explanation: https://docs.splunk.com/Documentation/Splunk/latest/Indexer/Setaretirementandarchivingpolicy

Which of the following statements apply to directory inputs? (select all that apply)
A. All discovered text files are consumed.
B. Compressed files are ignored by default.
C. Splunk recursively traverses through the directory structure.
D. When adding new log files to a monitored directory, the forwarder must be restarted...

For single-line event sourcetypes, it is most efficient to set SHOULD_LINEMERGE to what value?
A. True
B. False
C. <regex string>
D. Newline Character
Answer: B
Explanation: https://docs.splunk.com/Documentation/Splunk/latest/Data/Configureeventlinebreaking Attribute: SHOULD_LINEMERGE = [true|false] Description: When set to true, the Splunk platform combines several input lines into a single event, with...

Which of the following are supported configuration methods to add inputs on a forwarder? (select all that apply)
A. CLI
B. Edit inputs.conf
C. Edit forwarder.conf
D. Forwarder Management
Answer: ABD
Explanation: https://docs.splunk.com/Documentation/Forwarder/8.2.1/Forwarder/HowtoforwarddatatoSplunkEnterprise "You can collect data on the universal forwarder using several methods. Define inputs on the universal...

Which Splunk forwarder type allows parsing of data before forwarding to an indexer?
A. Universal forwarder
B. Parsing forwarder
C. Heavy forwarder
D. Advanced forwarder
Answer: C

What conf file needs to be edited to set up distributed search groups?
A. props.conf
B. search.conf
C. distsearch.conf
D. distibutedsearch.conf
Answer: C
Explanation: "You can group your search peers to facilitate searching on a subset of them. Groups of search peers are known as "distributed search groups." You specify...

Which optional configuration setting in inputs.conf allows you to selectively forward the data to specific indexer(s)?
A. _TCP_ROUTING
B. _INDEXER_LIST
C. _INDEXER_GROUP
D. _INDEXER ROUTING
Answer: A
Explanation: https://docs.splunk.com/Documentation/Splunk/7.0.3/Forwarding/Routeandfilterdatad#Perform_selective_indexing_and_forwarding Specifies a comma-separated list of tcpout group names. Use this setting to selectively forward your data to specific indexers...

During search time, which directory of configuration files has the highest precedence?
A. $SPLUNK_HOME/etc/system/local
B. $SPLUNK_HOME/etc/system/default
C. $SPLUNK_HOME/etc/apps/app1/local
D. $SPLUNK_HOME/etc/users/admin/local
Answer: D
Explanation: Adding further clarity and quoting same Splunk reference URL from @giubal "To keep configuration settings consistent across peer nodes, configuration files are managed from the cluster...

How often does Splunk recheck the LDAP server?
A. Every 5 minutes
B. Each time a user logs in
C. Each time Splunk is restarted
D. Varies based on LDAP_refresh setting.
Answer: B
Explanation: https://docs.splunk.com/Documentation/Splunk/8.0.6/Security/ManageSplunkuserroleswithLDAP