Installation and Configuration Flashcards

1
Q

How does ES know local customer domain names so it can detect internal vs external emails?

A

The Corporate Web and Email Domain Lookups are edited during initial configuration.

2
Q

Where would you navigate to edit Domain Tables?

A
  1. Configure > Content > Content Management
  2. Select Type: Managed Lookup
  3. Edit any of the Domain lookups: Corporate Web Domains, Corporate Email Domains, Cloud Domains (external vendor sites)
3
Q

What are the default ports that must be configured for Splunk ES to function?

A
  • SplunkWeb (8000)
  • Splunk Management (8089)
  • KV Store (8191)
4
Q

Which tool is used to update indexers in ES?

A

Splunk_TA_ForIndexers.spl

5
Q

Which of the following is accurate regarding the input phase?
- Applies event-level transformations
- Fine-tunes metadata
- Performs character encoding
- Breaks data into events with timestamps

A

Performs character encoding.

6
Q

A site has a single existing search head which hosts a mix of both CIM and non-CIM compliant applications. All of the applications are mission-critical. The customer wants to carefully control cost, but wants good ES performance. What is the best practice for installing ES?

A

Add a new search head and install ES on it.

7
Q

ES apps and add-ons from $SPLUNK_HOME/etc/apps should be copied from the staging instance to what location on the cluster deployer instance?

A

$SPLUNK_HOME/etc/shcluster/apps

8
Q

After installing Enterprise Security, the distributed configuration management tool can be used to create which app to configure indexers?

A

Splunk_TA_ForIndexers.spl

9
Q

Installation Checklist

A
  1. Confirm the environment meets minimum system requirements for Splunk Enterprise and ES.
  2. Increase the Splunk Web upload size limit in web.conf.
  3. Install ES on the search head.
  4. Install any required TAs.
  5. Create Splunk_TA_ForIndexers to deploy to indexers.
  6. Deploy input-time technical add-ons to forwarders.
10
Q

ES needs to be installed on a search head with _____.

A

Only default built-in and CIM-compliant apps.

11
Q

What are the search head requirements for installing ES?

A
  1. A dedicated server or cluster for the ES search head(s) with only CIM-compliant apps installed
  2. 64-bit OS, minimum 32 GB RAM and 16 processor cores
  3. Configure search head forwarding
  4. If enabling Monitoring Console, do not use distributed mode
12
Q

To which of the following should the ES application be uploaded?
- The indexer
- The dedicated forwarder
- The search head
- The KV store

A

The search head

13
Q

What are the reference minimum requirements for OS, CPU, and RAM for an ES search head?

A

OS: 64 bit
RAM: 32 GB
CPU: 16 cores
