Which of the following statements describe licensing in a clustered Splunk deployment? (Select all that apply.)
A. Free licenses do not support clustering.
B. Replicated data does not count against licensing.
C. Each cluster member requires its own clustering license.
D. Cluster members must share the same license pool and license master.
Replicated data does not count against licensing.
Cluster members must share the same license pool and license master.
Which component in the splunkd.log will log information related to bad event breaking?
A. Audittrail
B. EventBreaking
C. IndexingPipeline
D. AggregatorMiningProcessor
AggregatorMiningProcessor
Which of the following statements about integrating with third-party systems is true? (Select all that apply.)
A. A Hadoop application can search data in Splunk.
B. Splunk can search data in the Hadoop File System (HDFS).
C. You can use Splunk alerts to provision actions on a third-party system.
D. You can forward data from Splunk forwarder to a third-party system without indexing it first.
You can use Splunk alerts to provision actions on a third-party system.
You can forward data from Splunk forwarder to a third-party system without indexing it first.
A customer plans to ingest 600 GB of data per day into Splunk. They will have six concurrent users, and they also want high data availability and high search performance. The customer is concerned about cost and wants to spend the minimum amount on the hardware for Splunk. How many indexers are recommended for this deployment?
A. Two indexers not in a cluster, assuming users run many long searches
C. Three indexers not in a cluster, assuming a long data retention period.
D. Two indexers clustered, assuming high availability is the greatest priority.
E. Two indexers clustered, assuming a high volume of saved/scheduled searches
Two indexers clustered, assuming high availability is the greatest priority.
Which tool(s) can be leveraged to diagnose connection problems between an indexer and forwarder? (Select all that apply.)
A. telnet
B. tcpdump
C. splunk btool
D. splunk btprobe
tcpdump
splunk btool
When using the props.conf LINE_BREAKER attribute to delimit multi-line events, the SHOULD_LINEMERGE attribute should be set to what?
A. Auto
B. None
C. True
D. False
True
In a four site indexer cluster, which configuration stores two searchable copies at the origin site, one searchable copy at site2, and a total of four searchable copies?
A. site_search_factor = origin:2, site1:2, total:4
B. site_search_factor = origin:2, site2:1, total:4
C. site_replication_factor = origin:2, site1:2, total:4
D. site_replication_factor = origin:2, site2:1, total:4
site_replication_factor = origin:2, site2:1, total:4
Which two sections can be expanded using the Search Job Inspector?
A. Execution costs.
B. Saved search history.
C. Search job properties.
D. Optimization suggestions.
Saved search history.
Search job properties.
When troubleshooting monitor inputs, which command checks the status of the tailed files?
A. splunk cmd btool inputs list | tail
B. splunk cmd btool check inputs layer
C. curl https://serverhost:8089/services/admin/inputstatus/TailingProcessor:FileStatus
D. curl https://serverhost:8089/services/admin/inputstatus/TailingProcessor:Tailstatus
curl https://serverhost:8089/services/admin/inputstatus/TailingProcessor:FileStatus
Which of the following is a way to exclude search artifacts when creating a diag?
A. SPLUNK_HOME/bin/splunk diag --exclude
B. SPLUNK_HOME/bin/splunk diag --debug --refresh
C. SPLUNK_HOME/bin/splunk diag --disable=dispatch
D. SPLUNK_HOME/bin/splunk diag --filter-searchstrings
SPLUNK_HOME/bin/splunk diag --exclude
To improve Splunk performance, the parallelIngestionPipelines setting can be adjusted on which of the following components in the Splunk architecture? (Select all that apply.)
A. Indexers
B. Forwarders
C. Search head
D. Cluster master
Indexers
Forwarders
Which of the following clarification steps should be taken if apps are not appearing on a deployment client? (Select all that apply.)
A. Check serverclass.conf of the deployment server.
B. Check deploymentclient.conf of the deployment client.
C. Check the content of SPLUNK_HOME/etc/apps of the deployment server.
D. Search for relevant events in splunkd.log of the deployment server.
Check serverclass.conf of the deployment server.
Check deploymentclient.conf of the deployment client.
Check the content of SPLUNK_HOME/etc/apps of the deployment server.