SPLK-2002 exam

To optimize the distribution of primary buckets; when does primary rebalancing automatically occur? (Select all that apply.)A . Rolling restart completes.B . Master node rejoins the cluster.C . Captain joins or rejoins cluster.D . A peer node joins or rejoins the cluster.View AnswerAnswer: A, B, D Explanation: Primary rebalancing automatically...

A multi-site indexer cluster can be configured using which of the following? (Select all that apply.)A . Via Splunk Web.B . Directly edit SPLUNK_HOME/etc./system/local/server.confC . Run a Splunk edit cluster-config command from the CLI.D . Directly edit SPLUNK_HOME/etc/system/default/server.confView AnswerAnswer: B, C Explanation: A multi-site indexer cluster can be configured by...

Which of the following will cause the greatest reduction in disk size requirements for a cluster of N indexers running Splunk Enterprise Security?A . Setting the cluster search factor to N-1.B . Increasing the number of buckets per index.C . Decreasing the data model acceleration range.D . Setting the cluster...

In a four site indexer cluster, which configuration stores two searchable copies at the origin site, one searchable copy at site2, and a total of four searchable copies?A . site_search_factor = origin:2, site1:2, total:4B . site_search_factor = origin:2, site2:1, total:4C . site_replication_factor = origin:2, site1:2, total:4D . site_replication_factor = origin:2,...

Which of the following should be included in a deployment plan?A . Business continuity and disaster recovery plans.B . Current logging details and data source inventory.C . Current and future topology diagrams of the IT environment.D . A comprehensive list of stakeholders, either direct or indirect.View AnswerAnswer: A, B, C...

The guidance Splunk gives for estimating size on for syslog data is 50% of original data size. How does this divide between files in the index?A . rawdata is: 10%, tsidx is: 40%B . rawdata is: 15%, tsidx is: 35%C . rawdata is: 35%, tsidx is: 15%D . rawdata is:...

In search head clustering, which of the following methods can you use to transfer captaincy to a different member? (Select all that apply.)A . Use the Monitoring Console.B . Use the Search Head Clustering settings menu from Splunk Web on any member.C . Run the splunk transfer shcluster-captain command from...

Which of the following describe migration from single-site to multisite index replication?A . A master node is required at each site.B . Multisite policies apply to new data only.C . Single-site buckets instantly receive the multisite policies.D . Multisite total values should not exceed any single-site factors.View AnswerAnswer: B Explanation:...

Which Splunk Enterprise offering has its own license?A . Splunk Cloud ForwarderB . Splunk Heavy ForwarderC . Splunk Universal ForwarderD . Splunk Forwarder ManagementView AnswerAnswer: C Explanation: The Splunk Universal Forwarder is the only Splunk Enterprise offering that has its own license. The Splunk Universal Forwarder license allows the forwarder...

What log file would you search to verify if you suspect there is a problem interpreting a regular expression in a monitor stanza?A . btool.logB . metrics.logC . splunkd.logD . tailing_processor.logView AnswerAnswer: D Explanation: The tailing_processor.log file would be the best place to search if you suspect there is a...