SPLK-1003 Question #202: Real Exam Question with Answer & Explanation

The correct answer is C: [distributedSearch]. The search specifies splunk_server_group=HOUSTON, meaning the search should be executed on the HOUSTON server group. In distsearch.conf, the configuration under must include the correct list of servers (houston1:8089, [distributedSearch:HOUSTON] houston2:8089). The section includ

Distributed Search

Question

How would you configure your distsearch.conf to allow you to run the search below? sourcetype=access_combined status=200 action=purchase splunk_server_group=HOUSTON

Options

A[distributedSearch:NYC]
B[distributedSearch]
C[distributedSearch]
D[distributedSearch]

Explanation

The search specifies splunk_server_group=HOUSTON, meaning the search should be executed on the HOUSTON server group. In distsearch.conf, the configuration under must include the correct list of servers (houston1:8089, [distributedSearch:HOUSTON] houston2:8089). The section includes all servers for distributed [distributedSearch] search (nyc1:8089, nyc2:8089, houston1:8089, houston2:8089). This allows Splunk to access both the NYC and Houston server groups for the search execution.

Topics

#distsearch.conf#Search Groups#Distributed Search#Configuration

Community Discussion

No community discussion yet for this question.

Full SPLK-1003 Practice Browse All SPLK-1003 Questions