100% satisfaction guarantee Immediately available after payment Both online and in PDF No strings attached
logo-home
Previously searched by you
Previously searched by you
logo
SPLUNK ADMIN QUESTIONS AND ANSWERS $10.99   Add to cart
Quickly navigate to
Preview
  2.  
  3. SPLUNK CLOUD CERTIFIED ADMIN
  4.  
  5. SPLUNK CLOUD CERTIFIED ADMIN

Exam (elaborations)

SPLUNK ADMIN QUESTIONS AND ANSWERS
 3 views  0 purchase
  • Course
  • SPLUNK CLOUD CERTIFIED ADMIN
  • Institution
  • SPLUNK CLOUD CERTIFIED ADMIN

SPLUNK ADMIN QUESTIONS AND ANSWERS

Preview 2 out of 7  pages

Document information

  • October 25, 2024
  • 7
  • 2024/2025
  • Exam (elaborations)
  • Questions & answers

Subjects

  • splunk admin questions and answers

Written for

  • SPLUNK CLOUD CERTIFIED ADMIN
  • SPLUNK CLOUD CERTIFIED ADMIN

Seller

avatar-seller
GEEKA

Reviews received

Content preview

SPLUNK ADMIN QUESTIONS AND ANSWERS

Where are license files stored? - Answers-$SPLUNK_HOME/etc/licenses

What type of data is counted against the Enterprise license at a fixed 150 bytes per
event? - Answers-Metrics Data

This file has been manually created on a universal forwarder.

/opt/splunkforwarder/etc/apps/my_TA/local/inputs.conf
[monitor:///var/log/messages]
sourcetype=syslog
index=syslog

A new Splunk admin comes in and connects the universal forwarders to a deployment
server and deploys the same app with a new inputs.conf file

/opt/splunk/etc/deployment-apps/my_TA/local/inputs.conf
[monitor:///var/log/maillog]
sourcetype=maillog
index=syslog

What file is now monitored? - Answers-/var/log/maillog

Which optional configuration setting in inputs.conf allows you to selectively forward the
data to specific indexer(s)? - Answers-_TCP_ROUTING

How often does Splunk recheck the LDAP server - Answers-Each time a user logs in.

When running the command shown below, what is the default path in which deployment
server.conf is created?

splunk set deploy-poll deployServer:port - Answers-SPLUNK_HOME/etc/system/local

The universal forwarder has which capabilities when sending data? (select all that
apply) - Answers-Compressing data
Indexer acknowledgement

Where should apps be located on the deployment server that the clients pull from? -
Answers-$SPLUNK_HOME/etc/deployment-apps

In which Splunk configuration file is the SEDCMD used? - Answers-props.conf

What are the two methods Splunk uses for raw data transformations? (added ques) -
Answers-SEDCMD (uses only props.conf)

, TRANSFORMS (uses props.conf and transforms.conf - more flexible - transforms
matching events based on source, sourcetype, or host)

When configuring monitor inputs with whitelists or blacklists, what is the supported
method of filtering the lists? - Answers-Regular expression

User role inheritance allows what to be inherited from the parent role? (Select all that
apply) - Answers-Capabilities
Index access

What are the required stanza attributes when configuring the transforms.conf to
manipulate or remove events? - Answers-REGEX, DEST_KEY, FORMAT

What hardware attribute would need to be changed to increase the number of
simultaneous searches (ad-hoc and scheduled) on a single search head? - Answers-
CPU's

Which valid bucket types are searchable? - Answers-Hot buckets; Warm buckets; Cold
buckets

Which of the following are supported configuration methods to add inputs on a
forwarder? - Answers-CLI
Edit inputs.conf
Forwarder Management

Which setting in indexes.conf allows data retention to be controlled by time? - Answers-
frozenTimePeriodInSecs

Which stanza enables compression for universal forwarders in outputs.conf? - Answers-
[tcpout]
defaultGroup=my_indexers
compressed=true

To set up a network input in Splunk, what needs to be specified? - Answers-Network
protocol and port number

What license does enterprise deployment require? - Answers-Requires an Enterprise
license

For single line event sourcetypes it is more efficient to set SHOULD_LINEMERGE to
what value? - Answers-SHOULD_LINEMERGE = false
(Path: SPLUNK_HOME/etc/apps/mycustom_addon/local/props.conf)

What is the difference between the two wildcards ... and * for the monitor stanza in
inputs.conf? - Answers-* matches anything in that specific directory path segment but

The benefits of buying summaries with Stuvia:

Guaranteed quality through customer reviews

Guaranteed quality through customer reviews

Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.

Quick and easy check-out

Quick and easy check-out

You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.

Focus on what matters

Focus on what matters

Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!

Frequently asked questions

What do I get when I buy this document?

You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.

Satisfaction guarantee: how does it work?

Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.

Who am I buying these notes from?

Stuvia is a marketplace, so you are not buying this document from us, but from seller GEEKA. Stuvia facilitates payment to the seller.

Will I be stuck with a subscription?

No, you only buy these notes for $10.99. You're not tied to anything after your purchase.

Can Stuvia be trusted?

4.6 stars on Google & Trustpilot (+1000 reviews)

81989 documents were sold in the last 30 days

Founded in 2010, the go-to place to buy study notes for 14 years now

Start selling
$10.99
  • (0)
  Add to cart