Monitoring Console Flashcards

1
Q

Where should the monitoring console be running?

A

It should be set up on a dedicated host.

2
Q

Where should the Monitoring Console never be set up?

A
Production Search Heads
SHC members
Indexers
Deployment server with more than 50 clients
Deployer sharing with CM
3
Q

Monitoring console should be a member of:

A

A member of all indexer clusters

4
Q

Monitoring Console should be a search peer of

A
  • All Search Heads (clustered or non-clustered)
  • All indexers that are not members of clusters
  • All other enterprise instances (deployer, deployment server, license master)
5
Q

Which index contains Operational Data?

A

_internal

6
Q

Which index contains Resource Usage?

A

_introspection

7
Q

Who is able to access the Monitoring Console?

A

The MC is only visible to users with an administrative role

8
Q

How does the MC work?

A

The MC uses RESTful (snapshot) and log (historical) searches to check system health.

9
Q

True or False:

MC is considered a single-purpose monitoring box for keeping track of the state of the Splunk deployment

A

True

10
Q

How would you add an MC?

A

Add the MC as a search head of the cluster

11
Q

Does the MC directly connect to universal forwarders? What about Heavy Forwarders?

A

UF: NO
HF: YES

12
Q

Forwarder Monitoring relies upon log-based metrics and saved searches. On which indexes are these logs stored?

A

_internal provides info about operational things

_introspection provides info about resource usage

13
Q

How are roles for Splunk instances determined?

A

An instance is queried for a list of its current roles. The MC focuses searches/dashboards based upon ITS OWN VERSION of the instance’s “role”

14
Q

If the MC is peered to a bunch of newly created nodes before their full configuration has been provided, what are they identified as?

A

Indexer

Nodes that are not actually indexing, e.g. search heads, may identify as “indexer” before they are given an outputs.conf.

15
Q

Is there a forwarder role in the MC?

A

There is no forwarder role. Information about forwarders is gathered by examining their logs.

16
Q

What is the REST endpoint to view server roles?

A

rest /services/server/info

17
Q

What is the MC role process?

A

Indexing locally? INDEXER

Other hosts searching it? Search Peer

Splunk started with a serverclass.conf? Deployment Server

Bundle contents created from $SPLUNK_HOME/etc/shcluster/apps? SHC Deployer

18
Q

How do you convince a host that it is an SHC deployer?

A

Run this command:

$SPLUNK_HOME/bin/splunk apply shcluster-bundle -action stage

19
Q

How do you take away the SHC deployer role?

A

Delete this directory and restart Splunk:

$SPLUNK_HOME/var/run/splunk/deploy

20
Q

What are the default search groups provided?

A

• dmc_group_cluster_master: any CMs in the environment
• dmc_group_deployment_server: deployment server
• dmc_group_indexer: any full instance not having an outputs.conf
• dmc_group_kv_store: hosts, typically SH, running KV store
• dmc_group_license_master: any full instance with “self” as the license master
• dmc_group_search_head: any host that is peered to another
• dmc_group_shc_deployer: any SHC deployers in the environment

21
Q

Where are roles configured for the Monitoring Console?

A

distsearch.conf

22
Q

What are the provided roles for Clustering?

A

dmc_indexerclustergroup_

  • All members of an indexer cluster (CM and indexers)
  • If a label is provided, it will be shown instead of the GUID of the CM

dmc_searchheadclustergroup_

  • All members of a search head cluster
  • If a label is provided, it will be shown instead of the GUID of the SHC
23
Q

What are the three pieces of information needed for a custom server group?

A
  • Name of the server group
  • List of servers
  • Default state (true or false)

Example:
[distributedSearch:NYC]
default = false
servers = 192.168.1.1:8089, 192.168.1.2:8089

24
Q

What field can you use to search an MC group on the Monitoring Console?

A

splunk_server_group=

25
Q

How do you identify that a node was misconfigured in the monitoring console?

A

Check the search.log for the string “optimized out”

26
Q

Are Health Checks extensible?

A

Yes

27
Q

Can checks provided in checklist.conf be RESTful or log-driven?

A

Yes