Test 2 Flashcards
Which setting in indexes.conf allows data retention to be controlled by time? A. maxDaysToKeep B. moveToFrozenAfter C. maxDataRetentionTime D. frozenTimePeriodInSecs
D. frozenTimePeriodInSecs
The universal forwarder has which capabilities when sending data? (Select all that apply.) A. Sending alerts B. Compressing data C. Obfuscating/hiding data D. Indexer acknowledgement
D. Indexer acknowledgement
In case of a conflict between a whitelist and a blacklist input setting, which one is used?
A. Blacklist
B. Whitelist
C. They cancel each other out.
D. Whichever is entered into the configuration first.
A. Blacklist
In which Splunk configuration is the SEDCMD used?
A. props.conf
B. inputs.conf
C. indexes.conf
D. transforms.conf
A. props.conf
Which of the following are supported configuration methods to add inputs on a forwarder? (Select all that apply.) A. CLI B. Edit inputs.conf C. Edit forwarder.conf D. Forwarder Management
B. Edit inputs.conf
Which parent directory contains the configuration files in Splunk? A. $SPLUNK_HOME/etc B. $SPLUNK_HOME/var C. $SPLUNK_HOME/conf D. $SPLUNK_HOME/default
A. $SPLUNK_HOME/etc
Which forwarder type can parse data prior to forwarding? A. Universal forwarder B. Heaviest forwarder C. Hyper forwarder D. Heavy forwarder
D. Heavy forwarder
Which Splunk component consolidates the individual results and prepares reports in a distributed environment?
A. Indexers
B. Forwarder
C. Search head
D. Search peers
A. Indexers
Which Splunk component distributes apps and certain other configuration updates to search head cluster members? A. Deployer B. Cluster master C. Deployment server D. Search head cluster master
A. Deployer
Where should apps be located on the deployment server that the clients pull from? A. $SPLUNK_HOME/etc/apps B. $SPLUNK_HOME/etc/search C. $SPLUNK_HOME/etc/master-apps D. $SPLUNK_HOME/etc/deployment-apps
A. $SPLUNK_HOME/etc/apps
This file has been manually created on a universal forwarder:
/opt/splunkforwarder/etc/apps/my_TA/local/inputs.conf
[monitor:///var/log/messages]
sourcetype=syslog
index=syslog
A new Splunk admin comes in and connects the universal forwarders to a deployment server and deploys the same app with a new inputs.conf file:
/opt/splunk/etc/deployment-apps/my_TA/local/inputs.conf
[monitor:///var/log/maillog]
sourcetype=maillog
index=syslog
Which file is now monitored?
A. /var/log/messages
B. /var/log/maillog
C. /var/log/maillog and /var/log/messages
D. None of the above
C. /var/log/maillog and /var/log/messages
In which phase of the index time process does the license metering occur? A. Input phase B. Parsing phase C. Indexing phase D. Licensing phase
C. Indexing phase
You update a props.conf file while Splunk is running. You do not restart Splunk and you run this command: splunk btool props list --debug. What will the output be?
A. A list of all the configurations on-disk that Splunk contains.
B. A verbose list of all configurations as they were when splunkd started.
C. A list of props.conf configurations as they are on-disk along with a file path from which the configuration is located.
D. A list of the current running props.conf configurations along with a file path from which the configuration was made.
D. A list of the current running props.conf configurations along with a file path from which the configuration was made.
When running the command shown below, what is the default path in which deploymentserver.conf is created? splunk set deploy-poll deployServer:port A. SPLUNK_HOME/etc/deployment B. SPLUNK_HOME/etc/system/local C. SPLUNK_HOME/etc/system/default D. SPLUNK_HOME/etc/apps/deployment
B. SPLUNK_HOME/etc/system/local
The priority of layered Splunk configuration files depends on the file’s: A. Owner B. Weight C. Context D. Creation time
C. Context
When configuring monitor inputs with whitelists or blacklists, what is the supported method of filtering the lists? A. Slash notation B. Regular expression C. Irregular expression D. Wildcard-only expression
B. Regular expression
What is required when adding a native user to Splunk? (Select all that apply.) A. Password B. Username C. Full Name D. Default app
C. Full Name
D. Default app
What are the minimum required settings when creating a network input in Splunk? A. Protocol, port number B. Protocol, port, location C. Protocol, username, port D. Protocol, IP, port number
A. Protocol, port number
Which Splunk component requires a Forwarder license? A. Search head B. Heavy forwarder C. Heaviest forwarder D. Universal forwarder
B. Heavy forwarder
Which optional configuration setting in inputs.conf allows you to selectively forward the data to specific indexer(s)? A. _TCP_ROUTING B. _INDEXER_LIST C. _INDEXER_GROUP D. _INDEXER_ROUTING
A. _TCP_ROUTING
To set up a network input in Splunk, what needs to be specified? A. File path. B. Username and password. C. Network protocol and port number. D. Network protocol and MAC address.
A. File path
Which Splunk forwarder type allows parsing of data before forwarding to an indexer?
A. Universal forwarder
B. Parsing forwarder
C. Heavy forwarder
D. Advanced forwarder
C. Heavy forwarder
Which of the following statements describe deployment management? (Select all that apply.)
A. Requires an Enterprise license.
B. Is responsible for sending apps to forwarders.
C. Once used, is the only way to manage forwarders.
D. Can automatically restart the host OS running the forwarder.
A. Requires an Enterprise license
During search time, which directory of configuration files has the highest precedence? A. $SPLUNK_HOME/etc/system/local B. $SPLUNK_HOME/etc/system/default C. $SPLUNK_HOME/etc/apps/app1/local D. $SPLUNK_HOME/etc/users/admin/local
C. $SPLUNK_HOME/etc/apps/app1/local