Which of the following commands is used to clear the KV store?
A. splunk clean kvstore
B. splunk clear kvstore
C. splunk delete kvstore
D. splunk reinitialize kvstore
Answer: A
Explanation: The splunk clean kvstore command is used to clear the KV store. This command will delete all the collections...
Which command will permanently decommission a peer node operating in an indexer cluster?
A. splunk stop -f
B. splunk offline -f
C. splunk offline --enforce-counts
D. splunk decommission --enforce counts
Answer: C
Explanation: The splunk offline --enforce-counts command will permanently decommission a peer node operating in an indexer cluster. This...
Which of the following is a way to exclude search artifacts when creating a diag?
A. SPLUNK_HOME/bin/splunk diag --exclude
B. SPLUNK_HOME/bin/splunk diag --debug --refresh
C. SPLUNK_HOME/bin/splunk diag --disable=dispatch
D. SPLUNK_HOME/bin/splunk diag --filter-searchstrings
Answer: A
Explanation: The splunk diag --exclude command is a way to exclude search artifacts when creating a...
Which Splunk tool offers a health check for administrators to evaluate the health of their Splunk deployment?
A. btool
B. DiagGen
C. SPL Clinic
D. Monitoring Console
Answer: D
Explanation: The Monitoring Console is the Splunk tool that offers a health check for administrators to evaluate the health of their...
What does setting site=site0 on all Search Head Cluster members do in a multi-site indexer cluster?
A. Disables search site affinity.
B. Sets all members to dynamic captaincy.
C. Enables multisite search artifact replication.
D. Enables automatic search site affinity discovery.
Answer: A
Explanation: Setting site=site0 on all Search Head...
What does the deployer do in a Search Head Cluster (SHC)? (Select all that apply.)
A. Distributes apps to SHC members.
B. Bootstraps a clean Splunk install for a SHC.
C. Distributes non-search-related and manual configuration file changes.
D. Distributes runtime knowledge object changes made by users across the SHC.
...
Which command is used for thawing the archive bucket?
A. Splunk collect
B. Splunk convert
C. Splunk rebuild
D. Splunk dbinspect
Answer: C
Explanation: The splunk rebuild command is used for thawing the archive bucket. Thawing is the process of restoring frozen data back to Splunk for searching. Frozen data...
Which search head cluster component is responsible for pushing knowledge bundles to search peers, replicating configuration changes to search head cluster members, and scheduling jobs across the search head cluster?
A. Master
B. Captain
C. Deployer
D. Deployment server
Answer: B
Explanation: The captain is the search head cluster component...
At which default interval does metrics.log generate a periodic report regarding license utilization?
A. 10 seconds
B. 30 seconds
C. 60 seconds
D. 300 seconds
Answer: C
Explanation: The default interval at which metrics.log generates a periodic report regarding license utilization is 60 seconds. This report contains information about the...
When planning a search head cluster, which of the following is true?
A. All search heads must use the same operating system.
B. All search heads must be members of the cluster (no standalone search heads).
C. The search head captain must be assigned to the largest search head in...