Splunk SPLK-1003 - Splunk Enterprise Certified Admin Exam

Page:    1 / 39   
Total 191 questions

Which setting in indexes.conf allows data retention to be controlled by time?

  • A. maxDaysToKeep
  • B. moveToFrozenAfter
  • C. maxDataRetentionTime
  • D. frozenTimePeriodInSecs


Answer : D

The universal forwarder has which capabilities when sending data? (Choose all that apply.)

  • A. Sending alerts
  • B. Compressing data
  • C. Obfuscating/hiding data
  • D. Indexer acknowledgement


Answer : D

In case of a conflict between a whitelist and a blacklist input setting, which one is used?

  • A. Blacklist
  • B. Whitelist
  • C. They cancel each other out.
  • D. Whichever is entered into the configuration first.


Answer : A

In which Splunk configuration is the SEDCMD used?

  • A. props.conf
  • B. inputs.conf
  • C. indexes.conf
  • D. transforms.conf


Answer : A

Which of the following are supported configuration methods to add inputs on a forwarder? (Choose all that apply.)

  • A. CLI
  • B. Edit inputs.conf
  • C. Edit forwarder.conf
  • D. Forwarder Management


Answer : AB

Page:    1 / 39   
Total 191 questions