Consider the following stanza in inputs.conf:
What will the value of the source field be for events generated by this scripted input?
All search-time field extractions should be specified on which Splunk component?
What type of data is counted against the Enterprise license at a fixed 150 bytes per event?
Which authentication methods are natively supported within Splunk Enterprise? (select all that apply)
A company moves to a distributed architecture to meet the growing demand for the use of Splunk. What parameter can be configured to enable automatic load balancing in the Universal Forwarder to send data to the indexers?
A new forwarder has been installed with a manually created deploymentclient.conf.
What is the next step to enable the communication between the forwarder and the deployment server?
In this example, if useACK is set to true and the maxQueueSize is set to 7MB, what is the size of the wait queue on this universal forwarder?
In a distributed environment, which Splunk component is used to distribute apps and configurations to the other Splunk instances?
How is data handled by Splunk during the input phase of the data ingestion process?
Which Splunk component consolidates the individual results and prepares reports in a distributed environment?
Which default Splunk role could be assigned to provide users with the following capabilities?
Create saved searches
Edit shared objects and alerts
Not allowed to create custom roles
A Universal Forwarder has the following active stanza in inputs.conf:
[monitor:///var/log]
disabled = 0
host = 460352847
An event from this input has a timestamp of 10:55. What timezone will Splunk add to the event as part of indexing?
Where should apps be located on the deployment server that the clients pull from?
In case of a conflict between a whitelist and a blacklist input setting, which one is used?
Which data pipeline phase is the last opportunity for defining event boundaries?
A non-clustered Splunk environment has three indexers (A, B, C) and two search heads (X, Y). During a search executed on search head X, indexer A crashes. What is Splunk's response?
In addition to single, non-clustered Splunk instances, what else can the deployment server push apps to?
In inputs.conf, which stanza would mean Splunk was only reading one local file?
This file has been manually created on a universal forwarder
A new Splunk admin comes in and connects the universal forwarders to a deployment server and deploys the same app with a new
Which file is now monitored?
Social Security Numbers (PII) data is found in log events, which is against company policy. SSN format is as follows: 123-44-5678.
Which configuration file and stanza pair will mask possible SSNs in the log events?
When using a directory monitor input, specific source types can be selectively overridden using which configuration file?
What are the minimum required settings when creating a network input in Splunk?
Using the CLI on the forwarder, how could the current forwarder to indexer configuration be viewed?
Which Splunk component(s) would break a stream of syslog inputs into individual events? (select all that apply)
Windows can prevent a Splunk forwarder from reading open files. If files need to be read while they are being written to, what type of input stanza needs to be created?
Which Splunk indexer operating system platform is supported when sending logs from a Windows universal forwarder?
When deploying apps, which attribute in the forwarder management interface determines the apps that clients install?
An add-on has configured field aliases for source IP address and destination IP address fields. A specific user prefers not to have those fields present in their user context. Based on the default props.conf below, which SPLUNK_HOME/etc/users/buttercup/myTA/local/props.conf stanza can be added to the user’s local context to disable the field aliases?
In a customer managed Splunk Enterprise environment, what is the endpoint URI used to collect data?
Which feature of Splunk’s role configuration can be used to aggregate multiple roles intended for groups of users?
A log file contains 193 days' worth of timestamped events. Which monitor stanza would be used to collect data 45 days old and newer from that log file?
Within props.conf, which stanzas are valid for data modification? (select all that apply)
Which of the following statements describe deployment management? (select all that apply)