SPLK-2002 Exam Questions

Total 90 Questions

Last Updated Exam : 16-Dec-2024

Which of the following is true regarding Splunk Enterprise performance? (Select all that apply.)


A. Adding search peers increases the maximum size of search results.
B. Adding RAM to an existing search head provides additional search capacity.
C. Adding search peers increases the search throughput as search load increases.
D. Adding search heads provides additional CPU cores to run more concurrent searches.

B. Adding RAM to an existing search head provides additional search capacity.
D. Adding search heads provides additional CPU cores to run more concurrent searches.



Splunk configuration parameter settings can differ between multiple .conf files of the same name contained within different apps. Which of the following directories has the highest precedence?


A. System local directory.
B. System default directory.
C. App local directories, in ASCII order.
D. App default directories, in ASCII order.

A. System local directory.



Which of the following are true statements about Splunk indexer clustering?


A. All peer nodes must run exactly the same Splunk version.
B. The master node must run the same or a later Splunk version than search heads.
C. The peer nodes must run the same or a later Splunk version than the master node.
D. The search head must run the same or a later Splunk version than the peer nodes.

B. The master node must run the same or a later Splunk version than search heads.



Which of the following is a best practice to maximize indexing performance?


A. Use automatic sourcetyping.
B. Use the Splunk default settings.
C. Not use pre-trained source types.
D. Minimize configuration generality.

D. Minimize configuration generality.



A Splunk architect has inherited the Splunk deployment at Buttercup Games and end users are complaining that the events are inconsistently formatted for a web sourcetype. Further investigation reveals that not all web logs flow through the same infrastructure: some of the data goes through heavy forwarders and some of the forwarders are managed by another department.
Which of the following items might be the cause for this issue?


A. The search head may have different configurations than the indexers.
B. The data inputs are not properly configured across all the forwarders.
C. The indexers may have different configurations than the heavy forwarders.
D. The forwarders managed by the other department are an older version than the rest.

C. The indexers may have different configurations than the heavy forwarders.



When adding or rejoining a member to a search head cluster, the following error is displayed:
Error pulling configurations from the search head cluster captain; consider performing a destructive configuration resync on this search head cluster member.
What corrective action should be taken?

A. Restart the search head.
B. Run the splunk apply shcluster-bundle command from the deployer.
C. Run the clean raft command on all members of the search head cluster.
D. Run the splunk resync shcluster-replicated-config command on this member.

B. Run the splunk apply shcluster-bundle command from the deployer.



When Splunk indexes data in a non-clustered environment, what kind of files does it create by default?

A. Index and .tsidx files.
B. Rawdata and index files.
C. Compressed and .tsidx files.
D. Compressed and meta data files.

B. Rawdata and index files.



What is the default log size for Splunk internal logs?


A. 10MB
B. 20MB
C. 25MB
D. 30MB

C. 25MB



To optimize the distribution of primary buckets, when does primary rebalancing automatically occur? (Select all that apply.)

A. Rolling restart completes.
B. Master node rejoins the cluster.
C. Captain joins or rejoins cluster.
D. A peer node joins or rejoins the cluster.

A. Rolling restart completes.
B. Master node rejoins the cluster.
D. A peer node joins or rejoins the cluster.



The KV store forms its own cluster within a SHC. What is the maximum number of SHC members KV store will form?

A. 25
B. 50
C. 100
D. Unlimited

D. Unlimited



