Which of the following will cause the greatest reduction in disk size requirements for a cluster of N indexers running Splunk Enterprise Security?
A. Setting the cluster search factor to N-1.
B. Increasing the number of buckets per index.
C. Decreasing the data model acceleration range.
D. Setting the cluster replication factor to N-1.
Setting the cluster replication factor to N-1.
Which Splunk server role regulates the functioning of an indexer cluster?
A. Indexer
B. Deployer
C. Master Node
D. Monitoring Console
Master Node
What log file would you search to verify if you suspect there is a problem interpreting a regular expression in a monitor stanza?
A. btool.log
B. metrics.log
C. splunkd.log
D. tailing_processor.log
splunkd.log
Which of the following artifacts are included in a Splunk diag file? (Select all that apply.)
A. OS settings.
B. Internal logs.
C. Customer data.
D. Configuration files.
Internal logs.
Configuration files.
Which of the following statements describe licensing in a clustered Splunk deployment? (Select all that apply.)
A. Free licenses do not support clustering.
B. Replicated data does not count against licensing.
C. Each cluster member requires its own clustering license.
D. Cluster members must share the same license pool and license master.
Replicated data does not count against licensing.
Cluster members must share the same license pool and license master.
Which component in the splunkd.log will log information related to bad event breaking?
A. Audittrail
B. EventBreaking
C. IndexingPipeline
D. AggregatorMiningProcessor
AggregatorMiningProcessor
Which of the following statements about integrating with third-party systems is true? (Select all that apply.)
A. A Hadoop application can search data in Splunk.
B. Splunk can search data in the Hadoop File System (HDFS).
C. You can use Splunk alerts to provision actions on a third-party system.
D. You can forward data from Splunk forwarder to a third-party system without indexing it first.
You can use Splunk alerts to provision actions on a third-party system.
You can forward data from Splunk forwarder to a third-party system without indexing it first.
A customer plans to ingest 600 GB of data per day into Splunk. They will have six concurrent users, and they also want high data availability and high search performance. The customer is concerned about cost and wants to spend the minimum amount on the hardware for Splunk. How many indexers are recommended for this deployment?
A. Two indexers not in a cluster, assuming users run many long searches.
C. Three indexers not in a cluster, assuming a long data retention period.
D. Two indexers clustered, assuming high availability is the greatest priority.
E. Two indexers clustered, assuming a high volume of saved/scheduled searches.
Two indexers clustered, assuming high availability is the greatest priority.
Which tool(s) can be leveraged to diagnose connection problems between an indexer and forwarder? (Select all that apply.)
A. telnet
B. tcpdump
C. splunk btool
D. splunk btprobe
tcpdump
splunk btool
When using the props.conf LINE_BREAKER attribute to delimit multi-line events, the SHOULD_LINEMERGE attribute should be set to what?
A. Auto
B. None
C. True
D. False
True