SPLUNK-SPLK-1003

Which forwarder is recommended by Splunk to use in a production environment?

Which of the following Splunk components require a separate installation package?

Which data pipeline phase is the last opportunity for defining event boundaries?

What type of Splunk license is pre-selected in a brand new Splunk installation?

What event-processing pipelines are used to process data for indexing?

When Splunk is integrated with LDAP, which attribute can be changed in the Splunk UI for an LDAP user?

Using the CLI on the forwarder, how could the current forwarder to indexer configuration be viewed?

Which artifact is required in the request header when creating an HTTP event?

All search-time field extractions should be specified on which Splunk component?

In addition to single, non-clustered Splunk instances, what else can the deployment server push apps to?

Which setting in indexes.conf allows data retention to be controlled by time?

Where should apps be located on the deployment server that the clients pull from?

Using SEDCMD in props.conf allows raw data to be modified. With the given event below, which option will mask the first three digits of the AcctID field resulting output: [22/Oct/2018:15:50:21] VendorID=1234 Code=B AcctID=xxx5309 Event: [22/Oct/2018:15:50:21] VendorID=1234 Code=B AcctID=xxx5309

Which of the following accurately describes HTTP Event Collector indexer acknowledgement?

What action is required to enable forwarder management in Splunk Web?

Which of the following indexes come pre-configured with Splunk Enterprise?

How often does Splunk recheck the LDAP server?

Where are license files stored?

In which scenario would a Splunk Administrator want to enable data integrity check when creating an index?

Which Splunk component performs indexing and responds to search requests from the search head?

When should the Data Preview feature be used?

A Splunk administrator has been tasked with developing a retention strategy to have frequently accessed data sets on SSD storage and to have older, less frequently accessed data on slower NAS storage. They have set a mount point for the NAS. Which parameter do they need to modify to set the path for the older, less frequently accessed data in indexes.conf?

When working with an indexer cluster, what changes with the global precedence when comparing to a standalone deployment?

A user is assigned two roles with the following search filters. What is the user’s applied search filter?

A company moves to a distributed architecture to meet the growing demand for the use of Splunk. What parameter can be configured to enable automatic load balancing in the Universal Forwarder to send data to the indexers?

In inputs.conf, which stanza would mean Splunk was only reading one local file?

What will the following inputs.conf stanza do? [script://myscript.sh] interval=0

Load balancing on a Universal Forwarder is not scaling correctly. The forwarder’s outputs.conf and the tcpout stanza are setup correctly. What else could be the cause of this scaling issue?

Which file will be matched for the following monitor stanza in inputs.conf? [monitor:///var/log/*/bar/.../*.txt]

A non-clustered Splunk environment has three indexers (A,B,C) and two search heads (X,Y). During a search executed on search head X, indexer A crashes. What is Splunk’s response?