Splunk certified - Study guides, Class notes & Summaries

Which setting in alows data retention to be controlled by time? - Answer frozen TimePeriodInSecs What is required when adding a native user to Splunk - Answer Username Password When configuring monitoring inputs with whitelists or blacklists, what is the supported method of filtering the list? - Answer Regular Expression

which parent directory contains the configuration files in Splunk? $SPLUNK_HOME/etc where can scripts for scripted inputs reside on the host file system? $SPLUNK_HOME/bin/scripts $SPLUNK_HOME/etc/system/bin In which Splunk configuration is the SEDCMD used User Role inheritance allows what to be inherited? Capabilities Index Access What are the correct order of steps in Duo Multifactor Authentication? 1. request login 2.Duo MFA 3.Authentication Granted 4. Connect to SAML server 5. Log...

Within , which stanzas are valid for data modification? (select all that apply) A. Host B. Server C. Source D. Sourcetype ANSWER: ACD The universal forwarder has which capabilities when sending data? A. Sending alerts B. Compressing Data C. Obfuscating/hiding data D. Indexer acknowledgement ANSWER: BD When running the command show below, what is the default path in which deployment is created?

Splunk Certified Admin Dump Exam Questions With Complete Solutions Within , which stanzas are valid for data modification? (select all that apply) A. Host B. Server C. Source D. Sourcetype ANSWER: ACD The universal forwarder has which capabilities when sending data? A. Sending alerts B. Compressing Data C. Obfuscating/hiding data D. Indexer acknowledgement ANSWER: BD

(T/F) A workflow action can be applied to both fields and event types. - True (T/F) This is a valid search: | 'monthly_sales(euro, £, 0.79)' - False (True/false) "from" command can also retrieve data from saved searches, reports or lookup files - True (True/False) A private data model can be accelerated - False (True/False) A sparkline is an inline chart, that can be added to timechart - True (True/False) Accelerated data models can be edited - False (True/false) After a field alias...

Which of the following statements apply to directory inputs? (Select all the apply) A. All discovered text files are consumed B. Compressed files are ignored by default C. Splunk recursively traverses through the directory structure D. When adding new log files to a monitored directory, the forwarder must be restarted to take them into account. - Answer ANSWER: AC

What is the only writeable bucket type? The hot bucket By what filter are indexes divided into buckets? By time What are the 4 types of searches in Splunk (by performance) Dense, Sparse, Super Sparse, Rare In searches, what is the scanCount? The number of events scanned for that particular search What are the requirement of the underlying search in order to get multi-series table? The underlying search must use reporting search commands like chart or timechart What are the seven chart typ...

T/F: Machine data is always structured. - Answer- False. Machine data can be structured or unstructured. Machine data makes up for more than ___% of the data accumulated by organizations. - Answer- 90 T/F: Machine data is only generated by web servers. - Answer- False Search requests are processed by the ___________. - Answer- Indexers Search strings are sent from the _________. - Answer- Search Head In most Splunk deployments, ________ serve as the primary way data is suppli...

M1: What is machine data ? Data generated by machines, computer processing, application and sensor data etc... M1: Where machine data comes from ? Computers, network devices, sensors, phones, cars etc... M1: Is machine data always structured ? No M1: How much percent machine data is accumulated by organizations ? 90% M1: How Splunk process the unstructured machine data ? By adding it to a intelligent, searchable index.

Accelerated Migration IDX Cluster Rec settings - splunk edit cluster-config -max_peer_build_load 2 splunk edit cluster-config -max_peer_rep_load 4 Auth Files - Authentication Methods - -Splunk -LDAP -SAML -Scripted Bucket Components - /var/lib/splunk/myindex/db - -bloomfilter -H -S -S -S -.rawSize -bucket_ -ts -rawdata/ - - -slicesv2.d