When configuring monitor inputs with whitelists or blacklists, what is the supported method of filtering the lists?

A. Slash notation
B. Regular expression
C. Irregular expression
D. Wildcard-only expression

Answer: B
Explanation: https://docs.splunk.com/Documentation/Splunk/latest/Data/Whitelistorblacklistspecificincomingdata#Include_or_exclude_specific_incoming_data

November 20, 2023

How would you configure your distsearch.conf to allow you to run the search below?
sourcetype=access_combined status=200 action=purchase splunk_server_group=HOUSTON

A. Option A
B. Option B
C. Option C
D. Option D

Answer: C
Explanation: https://docs.splunk.com/Documentation/Splunk/8.0.3/DistSearch/Distributedsearchgroups

November 20, 2023

Which option accurately describes the purpose of the HTTP Event Collector (HEC)?

A. A token-based HTTP input that is secure and scalable and that requires the use of forwarders.
B. A token-based HTTP input that is secure and scalable and that does not require the use of forwarders.
C. An...

November 19, 2023

Which configuration files are used to transform raw data ingested by Splunk? (Choose all that apply.)

A. props.conf
B. inputs.conf
C. rawdata.conf
D. transforms.conf

Answer: AD
Explanation: https://docs.splunk.com/Documentation/Splunk/8.1.1/Knowledge/Configureadvancedextractionswithfieldtransforms
Use transformations with props.conf and transforms.conf to:
- Mask or delete raw data as it is being indexed
- Override sourcetype or host...

November 19, 2023

What is required when adding a native user to Splunk? (select all that apply)

A. Password
B. Username
C. Full Name
D. Default app

Answer: AB
Explanation: According to the Splunk system admin course PDF, when adding native users, Username and Password ARE REQUIRED.

November 19, 2023

Which Splunk component does a search head primarily communicate with?

A. Indexer
B. Forwarder
C. Cluster master
D. Deployment server

Answer: A

November 19, 2023

In which phase of the index time process does the license metering occur?

A. Input phase
B. Parsing phase
C. Indexing phase
D. Licensing phase

Answer: C
Explanation: "When ingesting event data, the measured data volume is based on the new raw data that is placed into the indexing pipeline....

November 19, 2023

Which of the following apply to how distributed search works? (select all that apply)

A. The search head dispatches searches to the peers.
B. The search peers pull the data from the forwarders.
C. Peers run searches in parallel and return their portion of results.
D. The search head consolidates...

November 19, 2023

What are the required stanza attributes when configuring transforms.conf to manipulate or remove events?

A. REGEX, DEST, FORMAT
B. REGEX, SRC_KEY, FORMAT
C. REGEX, DEST_KEY, FORMAT
D. REGEX, DEST_KEY, FORMATTING

Answer: C
Explanation:
REGEX = <regular expression>
* Enter a regular expression to operate on your data.
FORMAT...

November 18, 2023

Which authentication methods are natively supported within Splunk Enterprise? (select all that apply)

A. LDAP
B. SAML
C. RADIUS
D. Duo Multifactor Authentication

Answer: ABC
Explanation: Reference: https://docs.splunk.com/Documentation/Splunk/7.3.1/Security/SetupuserauthenticationwithSplunk
Splunk authentication: Provides Admin, Power and User by default, and you can define your own roles using a list of capabilities. If...

November 18, 2023