Brainscape_Flash_Cards_CSV

Question 1

What is the default port for splunkd?

Answer 1

8089

Question 2

What is the default port for Splunk Web?

Answer 2

8000

Question 3

What is the default port for Web app-server proxy?

Answer 3

8065

Question 4

What is the default port for KV Store?

Answer 4

8191

Question 5

What three ulimit resources need to be increased on Splunk indexers?

Answer 5

1. core file size 2. number of open files 3. max user processes

Question 6

What is the cli command to set Splunk to run when a server is rebooted?

Answer 6

./splunk enable boot-start -user splunk

Question 7

What is SPLUNK_HOME usually located (in the file system)?

Answer 7

/opt/splunk

Question 8

What are the three main directories under SPLUNK_HOME?

Answer 8

1. bin 2. etc 3. var

Question 9

What folder to the Splunk executables normally go into?

Answer 9

/opt/splunk/bin

Question 10

What folder contains all the Splunk licenses, configs, apps, etc?

Answer 10

/opt/splunk/etc/

Question 11

What folder contains the Splunk indexes by default?

Answer 11

/opt/splunk/var/lib/splunk

Question 12

What is the cli command to see what port splunkd is listening on?

Answer 12

./splunk show splunkd-port

Question 13

What is the cli command to see what port Splunk Web is listening on?

Answer 13

./splunk show web-port

Question 14

What is the cli command to start, stop, and restart Splunk?

Answer 14

./splunk [start | stop | restart ]

Question 15

What is the cli command to see the status of Splunk on a server?

Answer 15

./splunk status

Question 16

How long is a trial license valid for?

Answer 16

60 days

Question 17

How much data can you ingest with a trial license?

Answer 17

500 mb per day

Question 18

How much data can you ingest with the free license?

Answer 18

500 mb per day

Question 19

When does the ‘daily license quota’ reset?

Answer 19

At midnight of each day

Question 20

What is the definition of a license ‘warning’ in Splunk?

Answer 20

If the amount of data ingested in a day exceeds the allocated daily quote in a pool

Question 21

When do you get a ‘violation’ when using an Enterprise license?

Answer 21

Five or more warnings in a rolling 30-day period.

Question 22

When do you get a ‘violation’ when using a free license?

Answer 22

Three or more warnings in a rolling 30-day period.

Question 23

What data is used to calculate how much data you ingested in a day?

Answer 23

All data that flows through the parsing pipeline

Question 24

What is the cli command to add a license to Splunk?

Answer 24

./splunk add license [path to license file]

Question 25

What folder does the Splunk licenses get saved to when you install a license?

Answer 25

/opt/splunk/etc/licenses/[type_of_license]

Question 26

Which URI do you use when you want to ‘point’ a Splunk server at a Master license server?

Answer 26

https://[ip_address_of_server]:8089/

Question 27

What do ‘pools’ do?

Answer 27

They allow licenses to be subdivided and assigned to a group of indexers

Question 28

Why would you use ‘pools’?

Answer 28

A mulit-tenant Splunk environment is the most common reason.

Question 29

Which folder are apps installed to?

Answer 29

/opt/splunk/etc/apps

Question 30

What is an ‘add-on’?

Answer 30

It is a subset of an app that usually contains data collection but no GUI (reports or dashboards)

Question 31

What is the command to install a Splunk app from the CLI?

Answer 31

./splunk install app [path-to-appfile]

Question 32

What is another way to install an app using tar? (What is the actual command)?

Answer 32

1. cd SPLUNK_HOME/etc/apps 2. tar -xf [path-to-appfile]

Question 33

What does the ‘-c’ option for the tar command do?

Answer 33

Creates a new archive

Question 34

What does the ‘-x’ option for the tar command do?

Answer 34

Extract files from an archive

Question 35

What does the ‘-C’ option for the tar command do?

Answer 35

Change to directory specified after this option

Question 36

What does the ‘-v’ option for the tar command do?

Answer 36

Verbosely list files processed

Question 37

What does the ‘-f’ option for the tar command do?

Answer 37

use archive file or device specified after this option

Question 38

What does the ‘-z’ option for the tar command do?

Answer 38

Filter the archive through gzip

Question 39

What is the command to delete a Splunk app from the CLI?

Answer 39

./splunk remove app [app_folder]

Question 40

What can a user do to an app if they have ‘read’ permissions to it?

Answer 40

They can see the app and use it

Question 41

What can a user do to an app if they have ‘write’ permissions to it?

Answer 41

They can add/delete/modify knowledge objects used in the app

Question 42

By default, what permissions do users have within the ‘search’ app?

Answer 42

Read permissions only

Question 43

What local file (and path) will show you how to use all the .conf files?

Answer 43

SPLUNK_HOME/etc/system/README

Question 44

Where does Splunk put the configuration files that is ‘ships with’?

Answer 44

In the ‘default’ directories

Question 45

How do you edit a configuration file in a ‘default’ directory?

Answer 45

You DON’T! You copy the file to the ‘local’ directory and only had the changes that you want to that file. That files contents should be very small.

Question 46

What are the three ‘layers’ of configuration files that impact configuration file precedence?

Answer 46

user, app, and system

Question 47

What are the two schemes or ‘contexes’ that Splunk users to determine configuration file precedence?

Answer 47

app/user context or global context

Question 48

What is the configuration file precedence in global context (from highest to lowest precedence) for non-cluster peer nodes?

Answer 48

1. system local directory 2. app local directories 3. app default directories 4. system default directory