Splunk Study guides, Class notes & Summaries

Splunk - Scheduling Reports & Alerts Test 2023...

Which installer will you use to install the Search Head? a) Splunk Enterprise b) Splunk Universal Forwarder CORRECT ANSWER a) Splunk Enterprise When you install Splunk on a Windows OS, you also have to configure the boot-start. True or False CORRECT ANSWER False. You only need to do that on a Linux installation. Splunk must be manually started on *NIX until boot-start is enabled. The default Splunk Web port is: a) 8191 b) 8089 c) 8000 d) 8065 CORRECT ANSWER c) 8000 The defa...

Which Field/Value pair will return only events found in the index named security? A: Index=Security B: index=Security C: Index=security D: index!=Security CORRECT ANSWER index=Security Which statement describes field discovery at search time? A: Splunk automatically discovers only numeric fields B: Splunk automatically discovers only alphanumeric fields C: Splunk automatically discovers only manually configured fields D: Splunk automatically discovers only fields directly related ...

Which search string only returns events from hostWWW3? A. host=* B. host=WWW3 C. host=WWW* D. Host=WWW3 CORRECT ANSWER B. host=WWW3 Asking for events ONLY By default, how long does Splunk retain a search job? A. 10 Minutes B. 15 Minutes C. 1 Day D. 7 Days CORRECT ANSWER A. 10 minutes What must be done before an automatic lookup can be created? (Choose all that apply.) A. The lookup command must be used. B. The lookup definition must be created. C. The lookup file must b...

which parent directory contains the configuration files in Splunk? CORRECT ANSWER $SPLUNK_HOME/etc where can scripts for scripted inputs reside on the host file system? CORRECT ANSWER $SPLUNK_HOME/bin/scripts $SPLUNK_HOME/etc/system/bin In which Splunk configuration is the SEDCMD used CORRECT ANSWER User Role inheritance allows what to be inherited? CORRECT ANSWER Capabilities Index Access What are the correct order of steps in Duo Multifactor Authentication? CORRECT ANSWER 1. req...

Which of the following Splunk components typically resides on the machines where data originates? A. Indexer B. Forwarder C. Search head D. Deployment server CORRECT ANSWER B. Forwarder Which of the following searches would return events with failure in index netfw or warn or critical in index netops? A. (index=netfw failure) AND index=netops warn OR critical B. (index=netfw failure) OR (index=netops (warn OR critical)) C. (index=netfw failure) AND (index=netops (warn OR critical))...

Which setting in allows data retention to be controlled by time? CORRECT ANSWER frozenTimePeriodInSecs The universal forwarder has which capabilities when sending data? (2 answers) CORRECT ANSWER Compressing data Indexer acknowledgement In case of a conflict between a whitelist and a blacklist input setting, which one is used? CORRECT ANSWER Blacklist In which Splunk configuration is the SEDCMD used? CORRECT ANSWER Which of the following are supported configuration methods to add ...

Architect Exam Questions Answers 100% correct What specific things should be included in a deployment plan? -Goals -User Roles -Current topology, physical and logging -Splunk deployment topology -Data source inventory -Data policy definition -splunk Apps -Educ./training plan -Deployment Schedule What are the 3 main stages in a Splunk Deployment Infrastructure planning Splunk deployment and data enrichment user planning and roll out What are some examples of Architect t...

Within , which stanzas are valid for data modification? (select all that apply) A. Host B. Server C. Source D. Sourcetype CORRECT ANSWER ANSWER: ACD The universal forwarder has which capabilities when sending data? A. Sending alerts B. Compressing Data C. Obfuscating/hiding data D. Indexer acknowledgement CORRECT ANSWER ANSWER: BD When running the command show below, what is the default path in which deployment is created? splunk set deploy-poll deployServer:port A. SP...