SPLUNK CLOUD CERTIFIED ADMIN QUESTIONS AND ANSWERS
List Splunk forwarder types - Answers-
- The universal forwarder contains only the components that are necessary to forward data.
- A heavy forwarder is a full Splunk Enterprise instance that can index, search, and change data as well as forward it. The heavy forwarder has some features disabled to reduce system resource usage.
Describe the role of forwarders - Answers-Forwarders represent a much more robust solution for data forwarding than raw network feeds, with their capabilities for:
- Tagging of metadata (source, source type, and host)
- Configurable buffering
- Data compression
- SSL security
- Use of any available network ports
Configure a forwarder to Splunk Cloud - Answers-
1. Download and install the universal forwarder software.
2. Download the Splunk universal forwarder credentials package.
3. Install the Splunk universal forwarder credentials package on the universal forwarder machine. See Install and configure the Splunk Cloud universal forwarder credentials package.
4. To manage forwarders using Splunk Web, configure the universal forwarder to act as a deployment client.
5. Configure inputs to collect data from the host that the universal forwarder is on. For an overview, see Configure the universal forwarder. For detailed examples of using the CLI to add inputs, see the individual data topics in Getting Data In.
Test the forwarder connection - Answers-
- Have you verified that a connection is being established between your machines? If you look in $SPLUNK_HOME/var/log/splunk/splunkd.log you should see connection confirmation events.
- If yes to the above, have you verified that the forwarder is actually getting data to forward? To do this you can enable local indexing on your forwarder, so that it keeps a copy of any incoming data.
- If data gets indexed locally, but is not making it to your indexing instance, there may be a firewall or network routing issue at fault. You can use tcpdump on your indexing server to verify that data is actually being received on the specified port.
- After all of these checks, if you're still not seeing where the fault lies or where the data is going, please run a 'splunk diag' on both your indexer and your forwarder, create a case with Splunk Support and upload the diag output.
Create file and directory monitor inputs - Answers-Settings > Add Data > Monitor > Files & Directories and browse for a directory or file in the local Splunk server.
Use optional settings for monitor inputs - Answers-
- Batch input (inputs.conf stanza; the files are consumed and then deleted):
  [batch://system/flight815/*]
  move_policy = sinkhole
- MonitorNoHandle (Windows only; inputs.conf stanza):
  ###### Monitor Inputs for DNS ######
  [MonitorNoHandle://$WINDIR\System32\Dns\dns.log]
  sourcetype = MSAD:NT6:DNS
  disabled = 0
Create network (TCP and UDP) inputs - Answers-
- Go to Settings > Data Inputs > TCP > New Local TCP > set the port and other settings.
- Go to the device that sends the TCP or UDP data and configure it to send data to the data input you created previously.
Details about network inputs - Answers-
- You can configure Splunk to accept network inputs on any port.
- Splunk Enterprise/Cloud consumes any data that arrives at these ports.
- TCP is recommended.
- You can't directly send network data to Splunk Cloud unless you use an intermediate forwarder with an SSL certificate.
- Splunk can act as a syslog server or a syslog message sender.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller GEEKA. Stuvia facilitates payment to the seller.