Which of the following statements is true about data transformations using SEDCMD?

Which of the following statements is true about data transformations using SEDCMD? A. Can only be used to mask or truncate raw data. B. Configured in props.conf and transform.conf. C. Can be used to manipulate the sourcetype per event. D. Operates on a REGEX pattern match of the source, sourcetype,...

May 20, 2025

Which of the following statements regarding apps in Splunk Cloud is true?

Which of the following statements regarding apps in Splunk Cloud is true? A. Self-service install of premium apps is possible. B. Only Cloud certified and vetted apps are supported. C. Any app that can be deployed in an on-prem Splunk Enterprise environment is also supported on Splunk Cloud. D. Self-service...

May 17, 2025

How would a Cloud Admin fine-tune assigned sourcetypes for different files in the directory during the input phase?

A monitor has been created in inputs.conf for a directory that contains a mix of file types. How would a Cloud Admin fine-tune assigned sourcetypes for different files in the directory during the input phase? A. On the Indexer parsing the data, leave sourcetype as automatic for the directory...

May 10, 2025

What is the correct syntax to monitor /apache/too/logo, /apache/bor/logs, and /apache/bar/l/logo?

What is the correct syntax to monitor /apache/too/logo, /apache/bor/logs, and /apache/bar/l/logo? A. Option A B. Option B C. Option C D. Option D Answer: B Explanation: In the context of Splunk, when configuring data inputs to monitor specific directories, the correct syntax must match the...

May 3, 2025

Which of the following lists all parameters supported by the acceptFrom argument?

Which of the following lists all parameters supported by the acceptFrom argument? A. IPv4, IPv6, CIDRs, DNS names, Wildcards B. IPv4, IPv6, CIDRs, DNS names C. CIDRs, DNS names, Wildcards D. IPv4, CIDRs, DNS names, Wildcards Answer: B Explanation: The acceptFrom parameter is used in Splunk to specify which IP...

April 30, 2025

When should Splunk Cloud Support be contacted?

When should Splunk Cloud Support be contacted? A. For scripted input troubleshooting. B. For all configuration changes. C. When unable to resolve issues or perform problem isolation. D. For resizing, license changes, or any purchases. Answer: C Explanation: Splunk Cloud Support should be contacted when issues arise that cannot be...

April 29, 2025

In which of the following situations should Splunk Support be contacted?

In which of the following situations should Splunk Support be contacted? A. When a custom search needs tuning due to not performing as expected. B. When an app on Splunkbase indicates Request Install. C. Before using the delete command. D. When a new role that mirrors sc_admin is required. Answer:...

April 22, 2025

Which of the following is correct in regard to configuring a Universal Forwarder as an Intermediate Forwarder?

Which of the following is correct in regard to configuring a Universal Forwarder as an Intermediate Forwarder? A. This can only be turned on using the Settings > Forwarding and Receiving menu in Splunk Web/UI. B. The configuration changes can be made using Splunk Web, CLI, directly in configuration files,...

April 20, 2025

Which of the following are features of a managed Splunk Cloud environment?

Which of the following are features of a managed Splunk Cloud environment? A. Availability of premium apps, no IP address whitelisting or blacklisting, deployed in US East AWS region. B. 20GB daily maximum data ingestion, no SSO integration, no availability of premium apps. C. Availability of premium apps, SSO integration,...

April 19, 2025

What is the value of the sourcetype property for this stanza based on Splunk's configuration file precedence?

Consider the following configurations: What is the value of the sourcetype property for this stanza based on Splunk's configuration file precedence? A. NULL, or unset, due to configuration conflict B. access_combined C. linux_secure D. linux_secure, access_combined Answer: C Explanation: When there are conflicting configurations in Splunk, the platform resolves...

April 18, 2025