SPLK-1003 · Question #141
SPLK-1003 Question #141: Real Exam Question with Answer & Explanation
The correct answer is D: If Splunk is restarted, data may be lost.. This is because the input type is UDP, which is an unreliable protocol that does not guarantee delivery, order, or integrity of the data packets. UDP does not have any mechanism to resend or acknowledge the data packets, so if Splunk is restarted, any data that was in transit or
Question
The following stanzas in inputs. conf are currently being used by a deployment client: [udp: //145.175.118.177:1001 Connection_host = dns sourcetype = syslog Which of the following statements is true of data that is received via this input?
Options
- AIf Splunk is restarted, data will be queued and then sent when Splunk has restarted.
- BLocal firewall ports do not need to be opened on the deployment client since the port is defined in
- CThe host value associated with data received will be the IP address that sent the data.
- DIf Splunk is restarted, data may be lost.
Explanation
This is because the input type is UDP, which is an unreliable protocol that does not guarantee delivery, order, or integrity of the data packets. UDP does not have any mechanism to resend or acknowledge the data packets, so if Splunk is restarted, any data that was in transit or in the buffer may be dropped and not indexed.
Topics
Community Discussion
No community discussion yet for this question.