Free Certification Practice Questions

SPLUNK-SPLK-1001

Three basic components of Splunk are
#91
What is Splunk?
#92
We should use a heavy forwarder for sending event-based data to Indexers.
#93
Splunk Enterprise is used as a Scalable service in Splunk Cloud.
#94
Which component of Splunk lets us write SPL queries to find the required data?
#95
All components are installed and administered in Splunk Enterprise on-premise.
#96
Log filtering/parsing can be done from _____________.
#97
Which is the default app for Splunk Enterprise?
#98
Portal for Splunk apps can be accessed through www.splunkbase.com
#99
Splunk shows data in __________________.
#100
Which of the following can be used as a wildcard search in Splunk?
#101
What result will you get with the following search: index=test sourcetype="The_Questionnaire_P*" ?
#102
Prefix wildcards might cause performance issues.
#103
Machine data can be in structured and unstructured format.
#104
Field names are case sensitive.
#105
Splunk internal fields contain general information about events and start with an underscore, i.e. _ .
#106
How many main user roles do you have in Splunk?
#107
Which of the following are Splunk premium enhanced solutions?
#108
Fields are searchable name and value pairings that differentiate one event from another.
#109
Splunk extracts fields from event data at index time and at search time.
#110
Field values are case sensitive.
#111
Splunk indexes the data on the basis of timestamps.
#112
______________ is the default web port used by Splunk.
#113
Which of the following statements are correct about Search & Reporting App?
#114
Parsing of data can happen both in HF and Indexer.
#115
Monitor option in Add Data provides _______________.
#116
License Meter runs before data compression.
#117
Forward Option gathers and forwards data to indexers over a receiving port from remote machines.
#118
You can on-board data to Splunk using the following means
#119
Data sources being opened and read applies to: E. License Metering
#120