In a four site indexer cluster, which configuration stores two searchable copies at the origin site, one
searchable copy at site2, and a total of four searchable copies?

A.

site_search_factor = origin:2, site1:2, total:4

B.

site_search_factor = origin:2, site2:1, total:4

C.

site_replication_factor = origin:2, site1:2, total:4

D.

site_replication_factor = origin:2, site2:1, total:4

Which two sections can be expanded using the Search Job Inspector?

A.

Execution costs.

B.

Saved search history.

C.

Search job properties.

D.

Optimization suggestions.

When troubleshooting monitor inputs, which command checks the status of the tailed files?

A.

splunk cmd btool inputs list | tail

B.

splunk cmd btool check inputs layer

C.

curl https://serverhost:8089/services/admin/inputstatus/TailingProcessor:FileStatus

D.

curl https://serverhost:8089/services/admin/inputstatus/TailingProcessor:Tailstatus

Which of the following is a way to exclude search artifacts when creating a diag?

A.

SPLUNK_HOME/bin/splunk diag --exclude

B.

SPLUNK_HOME/bin/splunk diag --debug --refresh

C.

SPLUNK_HOME/bin/splunk diag --disable=dispatch

D.

SPLUNK_HOME/bin/splunk diag --filter-searchstrings

To improve Splunk performance, parallelIngestionPipelines setting can be adjusted on which of the following components in the Splunk architecture? (Select all that apply.)

A.

Indexers

B.

Forwarders

C.

Search head

D.

Cluster master

Which of the following clarification steps should be taken if apps are not appearing on a deployment client? (Select all that apply.)

A.

Check serverclass.conf of the deployment server.

B.

Check deploymentclient.conf of the deployment client.

C.

Check the content of SPLUNK_HOME/etc/apps of the deployment server.

D.

Search for relevant events in splunkd.log of the deployment server.

Which of the following is an indexer clustering requirement?

A.

Must use shared storage.

B.

Must reside on a dedicated rack.

C.

Must have at least three members.

D.

Must share the same license pool.

As a best practice, where should the internal licensing logs be stored?

A.

Indexing layer.

B.

License server.

C.

Deployment layer.

D.

Search head layer.

Search dashboards in the Monitoring Console indicate that the distributed deployment is approaching its
capacity. Which of the following options will provide the most search performance improvement?

A.

Replace the indexer storage to solid state drives (SSD).

B.

Add more search heads and redistribute users based on the search type.

C.

Look for slow searches and reschedule them to run during an off-peak time.

D.

Add more search peers and make sure forwarders distribute data evenly across all indexers

What does the deployer do in a Search Head Cluster (SHC)? (Select all that apply.)

A.

Distributes apps to SHC members.

B.

Bootstraps a clean Splunk install for a SHC.

C.

Distributes non-search related and manual configuration file changes.

D.

Distributes runtime knowledge object changes made by users across the SHC.