Which configuration files are used to transform raw data ingested by Splunk? (Choose all that apply.)
What hardware attribute would need to be changed to increase the number of simultaneous searches (ad-hoc and scheduled) on a single search head?
After an Enterprise Trial license expires, it will automatically convert to a Free license. How many days is an Enterprise Trial license valid before this conversion occurs?
What are the required stanza attributes when configuring transforms.conf to manipulate or remove events?
A configuration file in a deployed app needs to be directly edited. Which steps would ensure a successful deployment to clients?
The following stanza is active in indexes.conf:
[cat_facts]
maxHotSpanSecs = 3600
frozenTimePeriodInSecs = 2630000
maxTotalDataSizeMB = 650000
All other related indexes.conf settings are default values.
If the event timestamp was 3739283 seconds ago, will it be searchable?
Who provides the Application Secret, Integration, and Secret keys, as well as the API Hostname when setting up Duo for Multi-Factor Authentication in Splunk Enterprise?
In addition to single, non-clustered Splunk instances, what else can the deployment server push apps to?
Syslog files are being monitored on a Heavy Forwarder.
Where would the appropriate TRANSFORMS setting be deployed to reroute logs based on the event message?
On the deployment server, administrators can map clients to server classes using client filters. Which of the following statements is accurate?
When using a directory monitor input, specific source types can be selectively overridden using which configuration file?
Which of the following is an appropriate description of a deployment server in a non-cluster environment?
Which layers are involved in Splunk configuration file layering? (select all that apply)
When Splunk is integrated with LDAP, which attribute can be changed in the Splunk UI for an LDAP user?
Which option on the Add Data menu is most useful for testing data ingestion without creating inputs.conf?
Which of the following are required when defining an index in indexes.conf? (select all that apply)
Where can scripts for scripted inputs reside on the host file system? (select all that apply)
Which default Splunk role could be assigned to provide users with the following capabilities?
Create saved searches
Edit shared objects and alerts
Not allowed to create custom roles
Running this search in a distributed environment:
On what Splunk component does the eval command get executed?
Which of the following monitor inputs stanza headers would match all of the following files?
/var/log/www1/secure.log
/var/log/www/secure.l
/var/log/www/logs/secure.logs
/var/log/www2/secure.log
In a customer managed Splunk Enterprise environment, what is the endpoint URI used to collect data?
For single-line event sourcetypes, it is most efficient to set SHOULD_LINEMERGE to what value?
What are the values for host and index for [stanza1] used by Splunk during index time, given the following configuration files?
Given a forwarder with the following outputs.conf configuration:
[tcpout:mypartner]
Server = 145.188.183.184:9097
[tcpout:hfbank]
server = inputs1.mysplunkhfs.corp:9997, inputs2.mysplunkhfs.corp:9997
Which of the following is a true statement?
How would you configure your distsearch.conf to allow you to run the search below?
sourcetype=access_combined status=200 action=purchase splunk_server_group=HOUSTON