Which configuration files are used to transform raw data ingested by Splunk? (Choose all that apply.)
Answer : A
Reference:
https://docs.splunk.com/Documentation/Splunk/8.0.5/Data/Configuretimestamprecognition
What conf file needs to be edited to set up distributed search groups?
Answer : C
Reference:
https://docs.splunk.com/Documentation/Splunk/8.0.5/DistSearch/Distributedsearchgroups
After configuring a universal forwarder to communicate with an indexer, which index can be checked via the Splunk Web UI for a successful connection?
Answer : D
Reference:
https://docs.splunk.com/Documentation/Splunk/8.0.5/Security/Validateyourconfiguration
Which of the following are available input methods when adding a file input in Splunk Web? (Choose all that apply.)
Answer : D
Which is a valid stanza for a network input?
Answer : C
Reference:
https://docs.splunk.com/Documentation/SplunkCloud/8.0.2006/Data/Bypassautomaticsourcetypeassignment
Which additional component is required for a search head cluster?
Answer : A
Reference:
https://docs.splunk.com/Documentation/Splunk/8.0.5/DistSearch/SHCdeploymentoverview
When are knowledge bundles distributed to search peers?
Answer : D
Reference:
https://docs.splunk.com/Documentation/Splunk/8.0.5/DistSearch/Whatsearchheadssend
Assume a file is being monitored and the data was incorrectly indexed to an exclusive index. The index is cleaned and now the data must be reindexed. What other index must be cleaned to reset the input checkpoint information for that file?
Answer : A
Reference:
http://docshare02.docshare.tips/files/4773/47733589.pdf
If an update is made to an attribute in inputs.conf on a universal forwarder, on which Splunk component would the fishbucket need to be reset in order to reindex the data?
Answer : A
Reference:
https://community.splunk.com/t5/Archive/How-to-reindex-data-from-a-forwarder/td-p/93310
How can native authentication be disabled in Splunk?
Answer : A
Reference:
https://docs.splunk.com/Documentation/Splunk/8.0.5/Security/Secureyouradminaccount
The volume of data from collecting log files from 50 Linux servers and 200 Windows servers will require multiple indexers. Following best practices, which types of Splunk component instances are needed?
Answer : B
Which of the following configuration files are used with a universal forwarder? (Choose all that apply.)
Answer : AC
Reference:
https://docs.splunk.com/Documentation/Forwarder/8.0.5/Forwarder/Configuretheuniversalforwarder
On the deployment server, administrators can map clients to server classes using client filters. Which of the following statements is accurate?
Answer : A
Reference:
https://community.splunk.com/t5/Getting-Data-In/Can-I-use-both-the-whitelist-AND-blacklist-for-the-same/td-p/390910
Which configuration file would be used to forward the Splunk internal logs from a search head to the indexer?
Answer : C
Reference:
https://community.splunk.com/t5/Getting-Data-In/How-to-configure-search-head-to-forward-internal-data-to-the/td-p/111658
When configuring HTTP Event Collector (HEC) input, how would one ensure the events have been indexed?
Answer : A
Reference:
https://docs.splunk.com/Documentation/Splunk/8.0.5/Data/AboutHECIDXAck