- All Exams Instant Download
How much data can the customer ingest before search is locked out?
A customer has installed a 500GB Enterprise license. They also purchased and installed a 300GB, no enforcement license on the same license master. How much data can the customer ingest before search is locked out?A . 300GB . After this limit, search is locked out.C . 500GD . After this...
Which of the following commands is used to clear the KV store?
Which of the following commands is used to clear the KV store?A . splunk clean kvstoreB . splunk clear kvstoreC . splunk delete kvstoreD . splunk reinitialize kvstoreView AnswerAnswer: A Explanation: Reference: https://answers.splunk.com/answers/237859/can-i-delete-all-data-from-a-kv-store-at-once.html
Which index-time props.conf attributes impact indexing performance? (Select all that apply.)
Which index-time props.conf attributes impact indexing performance? (Select all that apply.)A . REPORTB . LINE_BREAKERC . ANNOTATE_PUNCTD . SHOULD_LINEMERGEView AnswerAnswer: BD Explanation: Reference: https://docs.splunk.com/Documentation/Splunk/7.3.2/Data/Configureeventlinebreaking
What does the deployer do in a Search Head Cluster (SHC)? (Select all that apply.)
What does the deployer do in a Search Head Cluster (SHC)? (Select all that apply.)A . Distributes apps to SHC members.B . Bootstraps a clean Splunk install for a SHD . Distributes non-search related and manual configuration file changes.E . Distributes runtime knowledge object changes made by users across the...
Which Splunk server role regulates the functioning of indexer cluster?
Which Splunk server role regulates the functioning of indexer cluster?A . IndexerB . DeployerC . Master NodeD . Monitoring ConsoleView AnswerAnswer: C Explanation: Reference: https://docs.splunk.com/Documentation/Splunk/7.3.1/Deploy/Indexercluster
Which of the following items might be the cause for this issue?
A Splunk architect has inherited the Splunk deployment at Buttercup Games and end users are complaining that the events are inconsistently formatted for a web sourcetype. Further investigation reveals that not all web logs flow through the same infrastructure: some of the data goes through heavy forwarders and some of...
Which of the following is true regarding Splunk Enterprise performance? (Select all that apply.)
Which of the following is true regarding Splunk Enterprise performance? (Select all that apply.)A . Adding search peers increases the maximum size of search results.B . Adding RAM to an existing search heads provides additional search capacity.C . Adding search peers increases the search throughput as search load increases.D ....
What additional information is needed to calculate the daily disk consumption, per indexer, if indexer clustering is implemented?
In an existing Splunk environment, the new index buckets that are created each day are about half the size of the incoming data. Within each bucket, about 30% of the space is used for rawdata and about 70% for index files. What additional information is needed to calculate the daily...
To activate replication for an index in an indexer cluster, what attribute must be configured in indexes.conf on all peer nodes?
To activate replication for an index in an indexer cluster, what attribute must be configured in indexes.conf on all peer nodes?A . repFactor = 0B . replicate = 0C . repFactor = autoD . replicate = autoView AnswerAnswer: C Explanation: Reference: https://docs.splunk.com/Documentation/Splunk/7.3.1/Indexer/Configurethepeerindexes
Which of the following security options must be explicitly configured (i.e. which options are not enabled by default)?
Which of the following security options must be explicitly configured (i.e. which options are not enabled by default)?A . Data encryption between Splunk Web and splunkd.B . Certificate authentication between forwarders and indexers.C . Certificate authentication between Splunk Web and search head.D . Data encryption for distributed search between search...
