Given a forwarder with the following outputs.conf configuration:
[tcpout : mypartner]
Server = 145.188.183.184:9097
[tcpout : hfbank]
server = inputsl . mysplunkhfs . corp : 9997 , inputs2 . mysplunkhfs . corp : 9997
Which of the following is a true statement?
After an Enterprise Trial license expires, it will automatically convert to a Free license. How many days is an Enterprise Trial license valid before this conversion occurs?
Search heads in a company's European offices need to be able to search data in their New York offices. They also need to restrict access to certain indexers. What should be configured to allow this type of action?
Which Splunk component performs indexing and responds to search requests from the search head?
Within props. conf, which stanzas are valid for data modification? (select all that apply)
Syslog files are being monitored on a Heavy Forwarder.
Where would the appropriate TRANSFORMS setting be deployed to reroute logs based on the event message?
Where should apps be located on the deployment server that the clients pull from?
Which setting allows the configuration of Splunk to allow events to span over more than one line?
All search-time field extractions should be specified on which Splunk component?
Which file will be matched for the following monitor stanza in inputs. conf?
[monitor: ///var/log/*/bar/*. txt]
After how many warnings within a rolling 30-day period will a license violation occur with an enforced
Enterprise license?
What type of Splunk license is pre-selected in a brand new Splunk installation?
Which layers are involved in Splunk configuration file layering? (select all that apply)
Where can scripts for scripted inputs reside on the host file system? (select all that apply)
What will the following inputs. conf stanza do?
[script://myscript . sh]
Interval=0
Which of the following Splunk components require a separate installation package?
An admin updates the Role to Group mapping for external authentication. How does the change affect users that are currently logged into Splunk?
How would you configure your distsearch conf to allow you to run the search below? sourcetype=access_combined status=200 action=purchase splunk_setver_group=HOUSTON
A)
B)
C)
D)
Social Security Numbers (PII) data is found in log events, which is against company policy. SSN format is as
follows: 123-44-5678.
Which configuration file and stanza pair will mask possible SSNs in the log events?
Which Splunk component distributes apps and certain other configuration updates to search head cluster members?
Assume a file is being monitored and the data was incorrectly indexed to an exclusive index. The index is
cleaned and now the data must be reindexed. What other index must be cleaned to reset the input checkpoint
information for that file?
Which of the following apply to how distributed search works? (select all that apply)
Consider a company with a Splunk distributed environment in production. The Compliance Department wants to start using Splunk; however, they want to ensure that no one can see their reports or any other knowledge objects. Which Splunk Component can be added to implement this policy for the new team?
In case of a conflict between a whitelist and a blacklist input setting, which one is used?
Which configuration files are used to transform raw data ingested by Splunk? (Choose all that apply.)
The CLI command splunk add forward-server indexer:
which configuration file?
Which of the following accurately describes HTTP Event Collector indexer acknowledgement?
Load balancing on a Universal Forwarder is not scaling correctly. The forwarder's outputs. and the tcpout stanza are setup correctly. What else could be the cause of this scaling issue? (select all that apply)
A security team needs to ingest a static file for a specific incident. The log file has not been collected previously and future updates to the file must not be indexed.
Which command would meet these needs?
What hardware attribute would need to be changed to increase the number of simultaneous searches (ad-hoc and scheduled) on a single search head?
A log file contains 193 days worth of timestamped events. Which monitor stanza would be used to collect data 45 days old and newer from that log file?
Which of the following is an appropriate description of a deployment server in a non-cluster environment?
Which of the following indexes come pre-configured with Splunk Enterprise? (select all that apply)
A user is assigned two roles with the following search filters. What is the user's applied search filter?
Windows can prevent a Splunk forwarder from reading open files. If files need to be read while they are being written to, what type of input stanza needs to be created?
For single line event sourcetypes. it is most efficient to set SHOULD_linemerge to what value?
Consider the following stanza ininputs.conf:
What will the value of the source filed be for events generated by this scripts input?
A company moves to a distributed architecture to meet the growing demand for the use of Splunk. What parameter can be configured to enable automatic load balancing in the
Universal Forwarder to send data to the indexers?
The following stanza is active in indexes.conf:
[cat_facts]
maxHotSpanSecs = 3600
frozenTimePeriodInSecs = 2630000
maxTota1DataSizeMB = 650000
All other related indexes.conf settings are default values.
If the event timestamp was 3739283 seconds ago, will it be searchable?
In a customer managed Splunk Enterprise environment, what is the endpoint URI used to collect data?
Which optional configuration setting in inputs .conf allows you to selectively forward the data to specific indexer(s)?