Which of the following is true as it relates to SHC resiliency when a network outage occurs between the two DCs?

A customer has a search cluster (SHC) of six members split evenly between two data centers (DC). The customer is concerned with network connectivity between the two DCs due to frequent outages. Which of the following is true as it relates to SHC resiliency when a network outage occurs between...

December 5, 2020

A customer has a Universal Forwarder (UF) with an inputs.conf monitoring its splunkd.log. The data is sent through a heavy forwarder to an indexer. Where does the index-time parsing occur?

A customer has a Universal Forwarder (UF) with an inputs.conf monitoring its splunkd.log. The data is sent through a heavy forwarder to an indexer. Where does the index-time parsing occur?

A. Indexer
B. Universal forwarder
C. Search head
D. Heavy forwarder

Answer: D

Reference: https://www.learnsplunk.com/splunk-interview-questions.html

December 5, 2020

Which of the following actions must be taken?

A site from a multi-site indexer cluster needs to be decommissioned. Which of the following actions must be taken?

A. Nothing. Decommissioning a site is not possible.
B. Create an alias for where the new data should be sent.
C. Remove the site from the list of available sites.
D. ...

December 4, 2020

Which configuration item should be set to false to significantly improve data ingestion performance?

Which configuration item should be set to false to significantly improve data ingestion performance?

A. AUTO_KV_JSON
B. BREAK_ONLY_BEFORE_DATE
C. SHOULD_LINEMERGE
D. ANNOTATE_PUNCT

Answer: C

Reference: https://docs.splunk.com/Documentation/Splunk/8.0.6/Data/Configureeventlinebreaking

December 3, 2020

In a single indexer cluster, where should the Monitoring Console (MC) be installed?

In a single indexer cluster, where should the Monitoring Console (MC) be installed?

A. Deployer sharing with master cluster.
B. License master that has 50 clients or more.
C. Cluster master node
D. Production Search Head

Answer: C

Reference: https://docs.splunk.com/Documentation/Splunk/8.1.0/DMC/WheretohostDMC

December 2, 2020

A customer has a Universal Forwarder (UF) with an inputs.conf monitoring its splunkd.log. The data is sent through a heavy forwarder to an indexer. Where does the index-time parsing occur?

A customer has a Universal Forwarder (UF) with an inputs.conf monitoring its splunkd.log. The data is sent through a heavy forwarder to an indexer. Where does the index-time parsing occur?

A. Indexer
B. Universal forwarder
C. Search head
D. Heavy forwarder

Answer: D

Reference: https://www.learnsplunk.com/splunk-interview-questions.html

December 2, 2020