User role inheritance allows what to be inherited from the parent role? (select all that apply)
A. Parents
B. Capabilities
C. Index access
D. Search history
Explanation:
https://docs.splunk.com/Documentation/Splunk/latest/Security/Aboutusersandroles#Role_inheritance
https://docs.splunk.com/Documentation/Splunk/7.3.1/Security/Aboutusersandroles#How_users_inherit_capabilities
When indexing a data source, which fields are considered metadata?
A. source, host, time
B. time, sourcetype, source
C. host, raw, sourcetype
D. sourcetype, source, host
Explanation:
Reference: https://docs.splunk.com/Documentation/SplunkCloud/8.2.2105/SearchReference/Metadata
Which Splunk forwarder has a built-in license?
A. Light forwarder
B. Heavy forwarder
C. Universal forwarder
D. Cloud forwarder
Explanation:
Reference: https://community.splunk.com/t5/Getting-Data-In/Do-we-need-a-license-for-Heavy-forwarder/m-p/210451
What type of data is counted against the Enterprise license at a fixed 150 bytes per event?
A. License data
B. Metrics data
C. Internal Splunk data
D. Internal Windows logs
Which of the following are methods for adding inputs in Splunk? (select all that apply)
A. CLI
B. Splunk Web
C. Editing inputs.conf
D. Editing monitor.conf
Explanation:
https://docs.splunk.com/Documentation/Splunk/8.2.2/Data/Configureyourinputs
Add your data to Splunk Enterprise. With Splunk Enterprise, you can add data using Splunk Web or Splunk Apps. In addition to these methods, you can also use the following:
- The Splunk Command Line Interface (CLI)
- The inputs.conf configuration file
When you specify your inputs with Splunk Web or the CLI, the details are saved in a configuration file on Splunk Enterprise indexer and heavy forwarder instances.
Which layers are involved in Splunk configuration file layering? (select all that apply)
A. App context
B. User context
C. Global context
D. Forwarder context
Explanation:
https://docs.splunk.com/Documentation/Splunk/latest/Admin/Wheretofindtheconfigurationfiles
To determine the order of directories for evaluating configuration file precedence, Splunk software considers each file's context. Configuration files operate in either a global context or in the context of the current app and user:
Global: Activities like indexing take place in a global context. They are independent of any app or user. For example, configuration files that determine monitoring or indexing behavior occur outside of the app and user context and are global in nature.
App/user: Some activities, like searching, take place in an app or user context. The app and user context is vital to search-time processing, where certain knowledge objects or actions might be valid only for specific users in specific apps.
In a customer managed Splunk Enterprise environment, what is the endpoint URI used to collect data?
A. services/collector
B. services/inputs?raw
C. services/data/collector
D. data/collector
Explanation:
The answer to your question is C. services/data/collector. This is the endpoint URI used to collect data in a customer managed Splunk Enterprise environment. According to the Splunk documentation, "The HTTP Event Collector REST API endpoint is /services/data/collector. You can use this endpoint to send events to HTTP Event Collector on a Splunk Enterprise or Splunk Cloud Platform deployment." You can also use this endpoint to send events to a specific token or index. For example, you can use the following curl command to send an event with the token 578254cc-05f5-46b5-957b-910d1400341a and the index main:
curl -k https://localhost:8088/services/data/collector -H 'Authorization: Splunk 578254cc-05f5-46b5-957b-910d1400341a' -d '{"index":"main","event":"Hello, world!"}'
A log file contains 193 days worth of timestamped events. Which monitor stanza would be used to collect data 45 days old and newer from that log file?
A. followTail = -45d
B. ignore = 45d
C. includeNewerThan = -35d
D. ignoreOlderThan = 45d
Explanation:
Reference: https://docs.splunk.com/Documentation/Splunk/8.2.1/Data/Configuretimestamprecognition
Which Splunk component distributes apps and certain other configuration updates to search head cluster members?
A. Deployer
B. Cluster master
C. Deployment server
D. Search head cluster master
What is the command to reset the fishbucket for one source?
A. rm -r ~/splunkforwarder/var/lib/splunk/fishbucket
B. splunk clean eventdata -index _thefishbucket
C. splunk cmd btprobe -d SPLUNK_HOME/var/lib/splunk/fishbucket/splunk_private_db --file --reset
D. splunk btool fishbucket reset
Explanation:
The fishbucket is a directory that stores information about the files that have been monitored and indexed by Splunk. The fishbucket helps Splunk avoid indexing duplicate data by keeping track of file signatures and offsets. To reset the fishbucket for one source, the command splunk cmd btprobe can be used with the --reset option and the name of the source file.
When are knowledge bundles distributed to search peers?
A. After a user logs in.
B. When Splunk is restarted.
C. When adding a new search peer.
D. When a distributed search is initiated.
Explanation: "The search head replicates the knowledge bundle periodically in the background or when initiating a search." "As part of the distributed search process, the search head replicates and distributes its knowledge objects to its search peers, or indexers. Knowledge objects include saved searches, event types, and other entities used in searching across indexes. The search head needs to distribute this material to its search peers so that they can properly execute queries on its behalf."
What is the difference between the two wildcards ... and * for the monitor stanza in inputs.conf?
A. ... is not supported in monitor stanzas
B. There is no difference, they are interchangeable and match anything beyond directory boundaries.
C. * matches anything in that specific directory path segment, whereas ... recurses through subdirectories as well.
D. ... matches anything in that specific directory path segment, whereas * recurses through subdirectories as well.
Explanation:
...: The ellipsis wildcard searches recursively through directories and any number of levels of subdirectories to find matches. If you specify a folder separator (for example, //var/log/.../file), it does not match the first folder level, only subfolders.
*: The asterisk wildcard matches anything in that specific folder path segment. Unlike ..., * does not recurse through subfolders.