Free Certification Practice Questions

SPLUNK-SPLK-1003

Which Splunk configuration file is used to enable data integrity checking?
#91
An admin is running the latest version of Splunk with a 500 GB license. The current daily volume of new data is 300 GB per day. To minimize license issues, what is the best way to add 10 TB of historical data to the index?
#92
After how many warnings within a rolling 30-day period will a license violation occur with an enforced Enterprise license?
#93
Who provides the Application Secret, Integration, and Secret keys, as well as the API Hostname when setting up Duo for Multi-Factor Authentication in Splunk Enterprise?
#94
When does a warm bucket roll over to a cold bucket?
#95
If an update is made to an attribute in inputs.conf on a universal forwarder, on which Splunk component would the fishbucket need to be reset in order to reindex the data?
#96
Which forwarder type can parse data prior to forwarding?
#97
How can native authentication be disabled in Splunk?
#98
The volume of data from collecting log files from 50 Linux servers and 200 Windows servers will require multiple indexers. Following best practices, which types of Splunk component instances are needed?
#99
Which of the following configuration files are used with a universal forwarder?
#100
Which valid bucket types are searchable?
#101
How do you remove missing forwarders from the Monitoring Console?
#102
Which Splunk indexer operating system platform is supported when sending logs from a Windows universal forwarder?
#103
What are the required stanza attributes when configuring the transforms.conf to manipulate or remove events?
#104
Which of the following are supported configuration methods to add inputs on a forwarder?
#105
Which of the following enables compression for universal forwarders in outputs.conf?
#106
User role inheritance allows what to be inherited from the parent role?
#107
Which of the following statements apply to directory inputs?
#108
How would you configure your distsearch.conf to allow you to run the search below?
sourcetype=access_combined status=200 action=purchase splunk_server_group=HOUSTON
#109
Which of the following is a valid distributed search group?
#110
Which network input option provides durable file-system buffering of data to mitigate data loss due to network outages and splunkd restarts?
#111
A new forwarder has been installed with a manually created deploymentclient.conf. What is the next step to enable the communication between the forwarder and the deployment server?
#112
When using a directory monitor input, a specific source type can be selectively overridden using which configuration file?
#113
When using license pools, volume allocations apply to which Splunk components?
#114
An add-on has configured field aliases for source IP address and destination IP address fields. A specific user prefers not to have those fields present in their user context. Based on the default props.conf below, which SPLUNK_HOME/etc/users/buttercup/myTA/local/props.conf stanza can be added to the user’s local context to disable the field aliases?
#115
Which of the following are methods for adding inputs in Splunk?
#116
Which of the following authentication types requires scripting in Splunk?
#117
Which option accurately describes the purpose of the HTTP Event Collector (HEC)?
#118
What is the difference between the two wildcards ... and * for the monitor stanza in inputs.conf?
#119
What type of data is counted against the Enterprise license at a fixed 150 bytes per event?
#120