Which of the following are true statements about Splunk indexer clustering?
Which of the following are true statements about Splunk indexer clustering?
A. All peer nodes must run exactly the same Splunk version.
B. The master node must run the same or a later Splunk version than search heads.
C. The peer nodes must run the same or a later Splunk...
In the deployment planning process, when should a person identify who gets to see network data?
In the deployment planning process, when should a person identify who gets to see network data?
A. Deployment schedule
B. Topology diagramming
C. Data source inventory
D. Data policy definition
Answer: D
Explanation: In the deployment planning process, a person should identify who gets to see network data in the...
Which of the following items might be the cause of this issue?
A Splunk architect has inherited the Splunk deployment at Buttercup Games and end users are complaining that the events are inconsistently formatted for a web source. Further investigation reveals that not all weblogs flow through the same infrastructure: some of the data goes through heavy forwarders and some of the...
To reduce the captain's workload in a search head cluster, what setting will prevent scheduled searches from running on the captain?
To reduce the captain's workload in a search head cluster, what setting will prevent scheduled searches from running on the captain?
A. adhoc_searchhead = true (on all members)
B. adhoc_searchhead = true (on the current captain)
C. captain_is_adhoc_searchhead = true (on all members)
D. captain_is_adhoc_searchhead = true (on the...
Configurations from the deployer are merged into which location on the search head cluster member?
Configurations from the deployer are merged into which location on the search head cluster member?
A. SPLUNK_HOME/etc/system/local
B. SPLUNK_HOME/etc/apps/APP_HOME/local
C. SPLUNK_HOME/etc/apps/search/default
D. SPLUNK_HOME/etc/apps/APP_HOME/default
Answer: B
Explanation: Configurations from the deployer are merged into the SPLUNK_HOME/etc/apps/APP_HOME/local directory on the search head cluster member. The deployer distributes apps and other configurations to...
What should be done to increase scheduled search capacity on the search head cluster?
A three-node search head cluster is skipping a large number of searches across time. What should be done to increase scheduled search capacity on the search head cluster?
A. Create a job server on the cluster.
B. Add another search head to the cluster.
C. server.conf captain_is_adhoc_searchhead = true.
D. ...
What is the minimum reference server specification for a Splunk indexer?
What is the minimum reference server specification for a Splunk indexer?
A. 12 CPU cores, 12GB RAM, 800 IOPS
B. 16 CPU cores, 16GB RAM, 800 IOPS
C. 24 CPU cores, 16GB RAM, 1200 IOPS
D. 28 CPU cores, 32GB RAM, 1200 IOPS
Answer: A
Explanation: The minimum reference server...
What is the best practice for ingesting this data into Splunk?
A new Splunk customer is using syslog to collect data from their network devices on port 514. What is the best practice for ingesting this data into Splunk?
A. Configure syslog to send the data to multiple Splunk indexers.
B. Use a Splunk indexer to collect a network input on...
Before users can use a KV store, an admin must create a collection. Where is a collection defined?
Before users can use a KV store, an admin must create a collection. Where is a collection defined?
A. kvstore.conf
B. collection.conf
C. collections.conf
D. kvcollections.conf
Answer: C
Explanation: A collection is defined in the collections.conf file, which specifies the name, schema, and permissions of the collection. The kvstore.conf...
Which of the following commands is used to clear the KV store?
Which of the following commands is used to clear the KV store?
A. splunk clean kvstore
B. splunk clear kvstore
C. splunk delete kvstore
D. splunk reinitialize kvstore
Answer: A
Explanation: The splunk clean kvstore command is used to clear the KV store. This command will delete all the collections...