Filters
Question type
Study Flashcards

The frequency in which a deployment client contacts the deployment server is controlled by what?


A) polling_interval attribute in outputs.conf polling_interval attribute in outputs.conf
B) p honeHomeIntervalInSecs attribute in outputs.conf p honeHomeIntervalInSecs
C) polling_interval attribute in deploymentclient.conf deploymentclient.conf
D) phoneHomeIntervalInSecs attribute in deploymentclient.conf phoneHomeIntervalInSecs

Correct Answer

verifed

verified

D

Which CLI command converts a Splunk instance to a license slave?


A) splunk add licenses
B) splunk list licenser-slaves
C) splunk edit licenser-localslave
D) splunk list licenser-localslave

Correct Answer

verifed

verified

Which of the following is an indexer clustering requirement?


A) Must use shared storage.
B) Must reside on a dedicated rack.
C) Must have at least three members.
D) Must share the same license pool.

Correct Answer

verifed

verified

D

Search dashboards in the Monitoring Console indicate that the distributed deployment is approaching its capacity. Which of the following options will provide the most search performance improvement?


A) Replace the indexer storage to solid state drives (SSD) .
B) Add more search heads and redistribute users based on the search type.
C) Look for slow searches and reschedule them to run during an off-peak time.
D) Add more search peers and make sure forwarders distribute data evenly across all indexers.

Correct Answer

verifed

verified

To reduce the captain's work load in a search head cluster, what setting will prevent scheduled searches from running on the captain?


A) adhoc_searchhead = true (on all members) adhoc_searchhead = true (on all members)
B) adhoc_searchhead = true (on the current captain) (on the current captain)
C) captain_is_adhoc_searchhead = true (on all members) captain_is_adhoc_searchhead = true
D) captain_is_adhoc_searchhead = true (on the current captain)

Correct Answer

verifed

verified

Which of the following are client filters available in serverclass.conf ? (Select all that apply.)


A) DNS name.
B) IP address.
C) Splunk server role.
D) Platform (machine type) .

Correct Answer

verifed

verified

What is a Splunk Job? (Select all that apply.)


A) A user-defined Splunk capability.
B) Searches that are subjected to some usage quota.
C) A search process kicked off via a report or an alert.
D) A child OS process manifested from the splunkd process.

Correct Answer

verifed

verified

What does setting site=site0 on all Search Head Cluster members do in a multi-site indexer cluster?


A) Disables search site affinity.
B) Sets all members to dynamic captaincy.
C) Enables multisite search artifact replication.
D) Enables automatic search site affinity discovery.

Correct Answer

verifed

verified

In search head clustering, which of the following methods can you use to transfer captaincy to a different member? (Select all that apply.)


A) Use the Monitoring Console.
B) Use the Search Head Clustering settings menu from Splunk Web on any member.
C) Run the splunk transfer shcluster-captain command from the current captain. Run the splunk transfer shcluster-captain command from the current captain.
D) Run the splunk transfer shcluster-captain command from the member you would like to become the captain. command from the member you would like to become the captain.

Correct Answer

verifed

verified

Which of the following statements describe licensing in a clustered Splunk deployment? (Select all that apply.)


A) Free licenses do not support clustering.
B) Replicated data does not count against licensing.
C) Each cluster member requires its own clustering license.
D) Cluster members must share the same license pool and license master.

Correct Answer

verifed

verified

Configurations from the deployer are merged into which location on the search head cluster member?


A) SPLUNK_HOME/etc/system/local
B) SPLUNK_HOME/etc/apps/APP_HOME/local
C) SPLUNK_HOME/etc/apps/search/default
D) SPLUNK_HOME/etc/apps/APP_HOME/default

Correct Answer

verifed

verified

A

Which of the following artifacts are included in a Splunk diag file? (Select all that apply.)


A) OS settings.
B) Internal logs.
C) Customer data.
D) Configuration files.

Correct Answer

verifed

verified

Which search will show all deployment client messages from the client (UF) ?


A) index=_audit component=DC* host=<ds> | stats count by message
B) index=_audit component=DC* host=<uf> | stats count by message
C) index=_internal component= DC* host=<uf> | stats count by message
D) index=_internal component=DS* host=<ds> | stats count by message

Correct Answer

verifed

verified

Before users can use a KV store, an admin must create a collection. Where is a collection is defined?


A) kvstore.conf
B) collection.conf
C) collections.conf
D) kvcollections.conf

Correct Answer

verifed

verified

A multi-site indexer cluster can be configured using which of the following? (Select all that apply.)


A) Via Splunk Web.
B) Directly edit SPLUNK_HOME/etc/system/local/server.conf Directly edit SPLUNK_HOME/etc/system/local/server.conf
C) Run a splunk edit cluster-config command from the CLI. Run a splunk edit cluster-config command from the CLI.
D) Directly edit SPLUNK_HOME/etc/system/default/server.conf SPLUNK_HOME/etc/system/default/server.conf

Correct Answer

verifed

verified

At which default interval does metrics.log generate a periodic report regarding license utilization?


A) 10 seconds
B) 30 seconds
C) 60 seconds
D) 300 seconds

Correct Answer

verifed

verified

Which server.conf attribute should be added to the master node's file when decommissioning a site in an indexer cluster?


A) site_mappings
B) available_sites
C) site_search_factor
D) site_replication_factor

Correct Answer

verifed

verified

Which of the following will cause the greatest reduction in disk size requirements for a cluster of N indexers running Splunk Enterprise Security?


A) Setting the cluster search factor to N-1.
B) Increasing the number of buckets per index.
C) Decreasing the data model acceleration range.
D) Setting the cluster replication factor to N-1.

Correct Answer

verifed

verified

Which of the following commands is used to clear the KV store?


A) splunk clean kvstore
B) splunk clear kvstore
C) splunk delete kvstore
D) splunk reinitialize kvstore

Correct Answer

verifed

verified

To improve Splunk performance, parallelIngestionPipeline s setting can be adjusted on which of the following components in the Splunk architecture? (Select all that apply.)


A) Indexers
B) Forwarders
C) Search head
D) Cluster master

Correct Answer

verifed

verified

Showing 1 - 20 of 85

Related Exams

Exam 1

Splunk Core Certified User

187 Questions

Exam 2

Splunk Enterprise Certified Admin

79 Questions

Exam 3

Splunk Certified Developer

84 Questions

Exam 4

Splunk Enterprise Certified Architect

42 Questions

Exam 6

Splunk IT Service Intelligence Certified Admin

72 Questions

Exam 7

Splunk Core Certified Consultant

62 Questions

Show Answer