SPLK-1003 Practice Questions

What conf file needs to be edited to set up distributed search groups?

After configuring a universal forwarder to communicate with an indexer, which index can be checked via the Splunk Web UI for a successful connection?

Which of the following are available input methods when adding a file input in Splunk Web? (Choose all that apply.)

Which is a valid stanza for a network input?

Which additional component is required for a search head cluster?

When are knowledge bundles distributed to search peers?

Assume a file is being monitored and the data was incorrectly indexed to an exclusive index. The index is cleaned and now the data must be reindexed. What other index must be clean...

If an update is made to an attribute in inputs.conf on a universal forwarder, on which Splunk component would the fishbucket need to be reset in order to reindex the data?

How can native authentication be disabled in Splunk?

The volume of data from collecting log files from 50 Linux servers and 200 Windows servers will require multiple indexers. Following best practices, which types of Splunk component...

Which of the following configuration files are used with a universal forwarder? (Choose all that apply.)

On the deployment server, administrators can map clients to server classes using client filters. Which of the following statements is accurate?

Which configuration file would be used to forward the Splunk internal logs from a search head to the indexer?

When configuring HTTP Event Collector (HEC) input, how would one ensure the events have been indexed?

What is the valid option for a [monitor] stanza in inputs.conf?

Which of the following is a benefit of distributed search?

The CLI command splunk add forward-server indexer:<receiving-port> will create stanza(s) in which configuration file?

The Splunk administrator wants to ensure data is distributed evenly amongst the indexers. To do this, he runs the following search over the last 24 hours: index=* What field can th...

Social Security Numbers (PII) data is found in log events, which is against company policy. SSN format is as follows: 123-44-5678. Which configuration file and stanza pair will mas...

Where are deployment server apps mapped to clients?

Which Splunk configuration file is used to enable data integrity checking?

An admin is running the latest version of Splunk with a 500 GB license. The current daily volume of new data is 300 GB per day. To minimize license issues, what is the best way to...

After how many warnings within a rolling 30-day period will a license violation occur with an enforced Enterprise license?

Who provides the Application Secret, Integration, and Secret keys, as well as the API Hostname when setting up Duo for Multi-Factor Authentication in Splunk Enterprise?

When does a warm bucket roll over to a cold bucket?

In a distributed environment, which Splunk component is used to distribute apps and configurations to the other Splunk instances?

How is a remote monitor input distributed to forwarders?

How is data handled by Splunk during the input phase of the data ingestion process?

Which option on the Add Data menu is most useful for testing data ingestion without creating inputs.conf?

An organization wants to collect Windows performance data from a set of clients, however, installing Splunk software on these clients is not allowed. What option is available to co...

Which of the following must be done to define user permissions when integrating Splunk with LDAP?

In which phase do indexed extractions in props.conf occur?

Which of the following statements describes how distributed search works?

Which feature in Splunk allows Event Breaking, Timestamp extractions, and any advanced configurations found in props.conf to be validated all through the UI?

Which of the following statements accurately describes using SSL to secure the feed from a forwarder?

Which feature of Splunk's role configuration can be used to aggregate multiple roles intended for groups of users?

Which of the following is the use case for the deployment server feature of Splunk?

When running a real-time search, search results are pulled from which Splunk component?

Using SEDCMD in props.conf allows raw data to be modified. With the given event below, which option will mask the first three digits of the AcctID field resulting output: Event: [2...

Which of the following accurately describes HTTP Event Collector indexer acknowledgement?

What action is required to enable forwarder management in Splunk Web?

Which of the following is accurate regarding the input phase?

When indexing a data source, which fields are considered metadata?

What is the default value of LINE_BREAKER?

Which of the following monitor inputs stanza headers would match all of the following files? /var/log/www1/secure.log /var/log/www/secure.l /var/log/www/logs/secure.logs /var/log/w...

What are the values for host and index for [stanza1] used by Splunk during index time, given the following configuration files?

An index stores its data in buckets. Which default directories does Splunk use to store buckets? (Choose all that apply.)

The LINE_BREAKER attribute is configured in which configuration file?

After automatic load balancing is enabled on a forwarder, the time interval for switching indexers can be updated by using which of the following attributes?

A log file contains 193 days worth of timestamped events. Which monitor stanza would be used to collect data 45 days old and newer from that log file?