Which Splunk component distributes apps and certain other configuration updates to search head cluster members?
Which setting allows the configuration of Splunk to allow events to span over more than one line?
What is the correct attribute to set in inputs.conf in order to have data sent to a particular indexer group?
Consider the following stanza ininputs.conf:
What will the value of the source filed be for events generated by this scripts input?
In case of a conflict between a whitelist and a blacklist input setting, which one is used?
Which of the following statements accurately describes using SSL to secure the feed from a forwarder?
Which of the following is an acceptable channel value when using the HTTP Event Collector indexer acknowledgment capability?
For single line event sourcetypes. it is most efficient to set SHOULD_linemerge to what value?
Which scenario is applicable given the stanzas in authentication.conf below?
[authentication]
externalTwoFactorAuthVendor = Duo
externalTwoFactorAuthSettings = duoMFA
[duoMFA]
integrationKey = aGFwcHliaXJ0aGRheU1pZGR5
secretKey = YXVzdHJhaWxpYW5Gb3JHcmVw
applicationKey = c3BsaW5raW5ndGhlcGx1bWJ1c3NpbmN1OTU
apiHostname = 466993018.duosecurity.com
failOpen = True
timeout = 60
An organization wants to collect Windows performance data from a set of clients, however, installing Splunk
software on these clients is not allowed. What option is available to collect this data in Splunk Enterprise?
Which of the following are methods for adding inputs in Splunk? (select all that apply)
Which of the following accurately describes HTTP Event Collector indexer acknowledgement?
What is the importance of modifying Transparent Huge Pages (THP) and ulimit settings when installing Splunk Enterprise?
Social Security Numbers (PII) data is found in log events, which is against company policy. SSN format is as
follows: 123-44-5678.
Which configuration file and stanza pair will mask possible SSNs in the log events?
In a customer managed Splunk Enterprise environment, what is the endpoint URI used to collect data?
What is the correct curl to send multiple events through HTTP Event Collector?
There is a file with a vast amount of old data. Which of the following inputs.conf attributes would allow an admin to monitor the file for updates without indexing the pre-existing data?
What are the minimum required settings when creating a network input in Splunk?
A request has been made to restrict lookup files up to 500 megabytes for replication . Anything larger should not be replicated . Which of the following parameters provides the correct control for this scenario?
Which of the following methods will connect a deployment client to a deployment server? (select all that apply)
Where should apps be located on the deployment server that the clients pull from?
A Universal Forwarder has the following active stanza in inputs . conf:
[monitor: //var/log]
disabled = O
host = 460352847
An event from this input has a timestamp of 10:55. What timezone will Splunk add to the event as part of indexing?
A log file contains 193 days worth of timestamped events. Which monitor stanza would be used to collect data 45 days old and newer from that log file?
A user recently installed an application to index NCINX access logs. After configuring the application, they realize that no data is being ingested. Which configuration file do they need to edit to ingest the access logs to ensure it remains unaffected after upgrade?
When Splunk is integrated with LDAP, which attribute can be changed in the Splunk UI for an LDAP user?
A configuration file in a deployed app needs to be directly edited. Which steps would ensure a successful deployment to clients?
In inputs. conf, which stanza would mean Splunk was only reading one local file?
Which of the following lists the three phases of the Splunk Indexing process in order?
What is required when adding a native user to Splunk? (select all that apply)
Who provides the Application Secret, Integration, and Secret keys, as well as the API Hostname when setting
up Duo for Multi-Factor Authentication in Splunk Enterprise?
After an Enterprise Trial license expires, it will automatically convert to a Free license. How many days is an Enterprise Trial license valid before this conversion occurs?
Using the CLI on the forwarder, how could the current forwarder to indexer configuration be viewed?
What is the correct example to redact a plain-text password from raw events?
A user is assigned two roles with the following search filters. What is the user ' s applied search filter?
Which Splunk component would one use to perform line breaking prior to indexing?
Which feature of Splunk’s role configuration can be used to aggregate multiple roles intended for groups of
users?
A security team needs to ingest a static file for a specific incident. The log file has not been collected previously and future updates to the file must not be indexed.
Which command would meet these needs?
Which of the following is an appropriate description of a deployment server in a non-cluster environment?
The Splunk administrator wants to ensure data is distributed evenly amongst the indexers. To do this, he runs
the following search over the last 24 hours:
index=*
What field can the administrator check to see the data distribution?
Windows can prevent a Splunk forwarder from reading open files. If files need to be read while they are being written to, what type of input stanza needs to be created?
A Universal Forwarder is monitoring a very active syslog stream and as a result is unable to switch between destinations. How would an admin safely remediate this issue?
Given a forwarder with the following outputs.conf configuration:
[tcpout : mypartner]
Server = 145.188.183.184:9097
[tcpout : hfbank]
server = inputsl . mysplunkhfs . corp : 9997 , inputs2 . mysplunkhfs . corp : 9997
Which of the following is a true statement?
Assume a file is being monitored and the data was incorrectly indexed to an exclusive index. The index is
cleaned and now the data must be reindexed. What other index must be cleaned to reset the input checkpoint
information for that file?