Splunk
SPLK-3003 · Question #78
SPLK-3003 Question #78: Real Exam Question with Answer & Explanation
Sign in or unlock SPLK-3003 to reveal the answer and full explanation for question #78. The question stem and answer options stay visible for context.
Question
When monitoring and forwarding events collected from a file containing unstructured textual events, what is the difference in the Splunk2Splunk payload traffic sent between a universal forwarder (UF) and indexer compared to the Splunk2Splunk payload sent between a heavy forwarder (HF) and the indexer layer? (Assume that the file is being monitored locally on the forwarder.)
Options
- AThe payload format sent from the UF versus the HF is exactly the same. The payload size is
- BThe UF sends a stream of data containing one set of medata fields to represent the entire stream,
- CThe UF will generally send the payload in the same format, but only when the sourcetype is
- DThe HF sends a stream of 64K TCP chunks with one set of metadata fields attached to represent
Unlock SPLK-3003 to see the answer
You've previewed enough free SPLK-3003 questions. Unlock SPLK-3003 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.