Complete Verified Solution
Which of the following configuration files are used with a universal forwarder?
(Choose all that apply.)
A. forwarder.conf
B. outputs.conf
C. monitor.conf
D. inputs.conf
B. outputs.conf
D. inputs.conf
Which setting in indexes.conf allows data retention to be controlled by time?
A. frozenTimePeriodInSecs
B. maxDaysToKeep
C. maxDataRetentionTime
D. moveToFrozenAfter
A. frozenTimePeriodInSecs
The universal forwarder has which capabilities when sending data? (Choose all
that apply.)
A. Obfuscating/hiding data
B. Indexer acknowledgement
C. Compressing data
D. Sending alerts
B. Indexer acknowledgement
In case of a conflict between a whitelist and a blacklist input setting, which one is
used?
A. Whichever is entered into the configuration first.
B. Whitelist
C. They cancel each other out.
D. Blacklist
D. Blacklist
In which Splunk configuration is the SEDCMD used?
A. inputs.conf
B. transforms.conf
C. props.conf
D. indexes.conf
C. props.conf
Which of the following are supported configuration methods to add inputs on a
forwarder? (Choose all that apply.)
A. Edit forwarder.conf
B. Forwarder Management
C. Edit inputs.conf
D. CLI
C. Edit inputs.conf
D. CLI
Which forwarder type can parse data prior to forwarding?
A. Universal forwarder
B. Hyper forwarder
C. Heavy forwarder
D. Heaviest forwarder
C. Heavy forwarder
Which parent directory contains the configuration files in Splunk?
A. $SPLUNK_HOME/etc
B. $SPLUNK_HOME/var
C. $SPLUNK_HOME/conf
D. $SPLUNK_HOME/default
A. $SPLUNK_HOME/etc
Which Splunk component consolidates the individual results and prepares
reports in a distributed environment?
A. Indexers
B. Forwarder
C. Search Head
D. Search Peers
C. Search Head
Where should apps be located on the deployment server that the clients pull
from:
A. SPLUNK_HOME/deployment-apps
B. SPLUNK_HOME/etc/apps
C. SPLUNK_HOME/master-apps
D. SPLUNK_HOME/etc/search
A. SPLUNK_HOME/deployment-apps
Which Splunk component distributes apps and certain other configuration
updates to search head cluster members?
A. Cluster Master
B. Search head cluster master
C. Deployment Server
D. Deployer
A. Deployer
This file has been manually created on a universal forwarder:
/opt/splunkforwarder/etc/apps/my_TA/local/inputs.conf
[monitor:///var/log/messages]
sourcetype=syslog
index=syslog
A new Splunk admin comes in and connects the universal forwarders to a
deployment server and deploys the same app with a new inputs.conf
file:
/opt/splunk/etc/deployment-apps/my_TA/local/inputs.conf
[monitor:///var/log/maillog]
sourcetype=maillog
index=syslog
Which file is now monitored?
A. /var/log/messages
B. /var/log/maillog
C. /var/log/maillog and /var/log/messages
D. none of the above
B. /var/log/maillog
In which phase of the index time process does the license metering occur?
A. Input phase
B. Parsing phase
C. Indexing phase
D. Licensing phase
C. Indexing phase
You update a props.conf file while Splunk is running. You do not restart Splunk
and you run this command: splunk btool props list --debug. What
will the output be?
A. A list of props.conf configurations as they are on-disk along with a file path
from which the configuration is located.
B. A verbose list of all configurations as they were when splunkd started.
C. A list of the current running props.conf configurations along with a file path
from which the configuration was made.
D. A list of all the configurations on-disk that Splunk contains.
A. A list of props.conf configurations as they are on-disk along with a file path from
which the configuration is located.
When running the command shown below, what is the default path in which
deploymentserver.conf is created? splunk set deploy-poll
deployserver:port
A. SPLUNK_HOME/etc/deployment
B. SPLUNK_HOME/etc/system/local
C.t
B. SPLUNK_HOME/etc/system/local
The priority of layered Splunk configuration files depends on the file's:
A. Creation time
B. Context
C. Owner
D. Weight
B. Context
When configuring monitor inputs with whitelists or blacklists, what is the
supported method of filtering the lists?
A. Slash notation
B. Regular expression
C. Irregular expression
D. Wildcard-only expression
B. Regular expression