What is the minimum reference server specification for a Splunk indexer?
A. 12 CPU cores, 12GB RAM, 800 IOPS
B. 16 CPU cores, 16GB RAM, 800 IOPS
C. 24 CPU cores, 16GB RAM, 1200 IOPS
D. 28 CPU cores, 32GB RAM, 1200 IOPS
Answer: A
Explanation: The minimum reference server...

A new Splunk customer is using syslog to collect data from their network devices on port 514. What is the best practice for ingesting this data into Splunk?
A. Configure syslog to send the data to multiple Splunk indexers.
B. Use a Splunk indexer to collect a network input on...

Before users can use a KV store, an admin must create a collection. Where is a collection defined?
A. kvstore.conf
B. collection.conf
C. collections.conf
D. kvcollections.conf
Answer: C
Explanation: A collection is defined in the collections.conf file, which specifies the name, schema, and permissions of the collection. The kvstore.conf...

Which of the following commands is used to clear the KV store?
A. splunk clean kvstore
B. splunk clear kvstore
C. splunk delete kvstore
D. splunk reinitialize kvstore
Answer: A
Explanation: The splunk clean kvstore command is used to clear the KV store. This command will delete all the collections...

Which command will permanently decommission a peer node operating in an indexer cluster?
A. splunk stop -f
B. splunk offline -f
C. splunk offline --enforce-counts
D. splunk decommission --enforce counts
Answer: C
Explanation: The splunk offline --enforce-counts command will permanently decommission a peer node operating in an indexer cluster. This...

Which of the following is a way to exclude search artifacts when creating a diag?
A. SPLUNK_HOME/bin/splunk diag --exclude
B. SPLUNK_HOME/bin/splunk diag --debug --refresh
C. SPLUNK_HOME/bin/splunk diag --disable=dispatch
D. SPLUNK_HOME/bin/splunk diag --filter-searchstrings
Answer: A
Explanation: The splunk diag --exclude command is a way to exclude search artifacts when creating a...

Which Splunk tool offers a health check for administrators to evaluate the health of their Splunk deployment?
A. btool
B. DiagGen
C. SPL Clinic
D. Monitoring Console
Answer: D
Explanation: The Monitoring Console is the Splunk tool that offers a health check for administrators to evaluate the health of their...

What does setting site=site0 on all Search Head Cluster members do in a multi-site indexer cluster?
A. Disables search site affinity.
B. Sets all members to dynamic captaincy.
C. Enables multisite search artifact replication.
D. Enables automatic search site affinity discovery.
Answer: A
Explanation: Setting site=site0 on all Search Head...

What does the deployer do in a Search Head Cluster (SHC)? (Select all that apply.)
A. Distributes apps to SHC members.
B. Bootstraps a clean Splunk install for a SHC.
C. Distributes non-search-related and manual configuration file changes.
D. Distributes runtime knowledge object changes made by users across the SHC.
...

Which command is used for thawing the archive bucket?
A. Splunk collect
B. Splunk convert
C. Splunk rebuild
D. Splunk dbinspect
Answer: C
Explanation: The splunk rebuild command is used for thawing the archive bucket. Thawing is the process of restoring frozen data back to Splunk for searching. Frozen data...