Which of these are true statements about Heavy Forwarders? (Select all that apply)

Select all valid Windows specific Input types. (Select all that apply)

Which of the following are true about the Windows Universal Forwarder?

If set to 1, monitoring begins at the end of the file like (*NIX tail-f)

Monitor stanzas in inputs.conf supports these wildcards. (Select all that apply)

The host_segment parameter sets the segment of the path as the host. Path segments are separated by what character?

You can override the default host value with these three methods: (Select all that apply)

Based on use case scenarios, you may want to disable Splunk Web on the Heavy Forwarder. This can be done in which conf file?

For Heavy Forwarders, you can deploy an ______ file from the deployment server to receive data.

Windows Input configuration options allow for the setting of ___ whitelist and blacklist per stanza.

Which of the following is true about Indexer Acknowledgment?(Select all that apply)

In load-balanced situations, if the forwarder can‘t reach an indexer for any reason, what happens?

Normally, the event boundary is determined on the _______.

What is the default frequency for Time-based load balancing?

Which of the following answers are true about turning on SSL for Forwarding streams?(Select all that apply)

Universal Forwarders can be configured to send data to two different indexes using what? (Select all that apply)

Which index on the indexer would you search to see if your forwarder is configured correctly and sending data?

On a Forwarder, how would you add an indexer via the CLI?

Which of the following are true about configuring wmi.conf for Windows remote inputs? (Select all that apply)

Event collector can be set up on: (Select all that apply)

Which of the following are true about HTTP Event Collectors? (Select all that apply)

What version of Splunk should be running on the test environment deployment?

What are data modifications in props.conf based on?

What stanzas can you use wildcards(*) and regex in?

What .conf file should you configure in your forwarder if you have input phase settings?

During the input phase, Splunk sets all input data to UTF-8 encoding by default, what attribute can override this?

What should you set the attribute to for character encoding during the input phase to override the default so that splunk software can automatically detect languages and proper character sets?

When you add a directory monitor and specify a ________ explicitly, it applies to all files in the directory and subdirectories.

What .conf file can you use to override the source type for directory monitors?

What .conf file can you omit the source type in?

As data arrives into the indexer and goes through the parsing phase, the data is broken into ____.

Splunk parsing phase determines where one event ___ and the next event ____ .

For handling single line events, set SHOULD_LINEMERGE to ________ in apps/App/local/props.conf to explicitly set line breaking. By default, it is set to _________, assuming events span over multi lines.

The btprobe command is used to reset one source for re-indexing. Correct or Incorrect?

When memory queue is full, persistent queue is used and is preserved across RESTARTS. Hint: This is a solution of input failure. Correct or Incorrect?

All modifications and extractions are written to disk along with _raw and metadata. Correct or Incorrect?

sedcmd can be used to eliminate unwanted events. Correct or Incorrect?

When using transforms.conf, the SOURCE_KEY is set to _raw by default. Correct or Incorrect?

The Monitoring Console (MC) is a Splunk app used to monitor and investigate Splunk performance, resource usage and more. This can be used by the admin or power user. Correct or Incorrect?

When you delete an app, all of its related configuration files and scripts are deleted from the Splunk server. Including the user‘s private app artifacts. Correct or Incorrect?

When overriding defaults, the correct method is to do so in the local directory at the same scope and copying the entire config file. Correct or Incorrect?

If the app is changed on the Deployment Server, then the forwarder will load the updated app after its next restart (splunk restart). Correct or Incorrect?

When using the delete command, Splunk marks the events as deleted and they never show in searches or index again. Correct or Incorrect?

Where do you delete the fishbucket file to re-index data?

A ________ is used to distribute apps and configs on a distributed system.

A ________ is used for search head apps and configurations.

Where is deploymentclient.conf located?

By default, the admin has the ability to delete using the delete command. Correct or Incorrect?

Users that have been locked out or have forgotten their password, can be unlocked or reset from the CLI only. Correct or Incorrect?

For a Network Input Queue, if the indexers cannot be reached, the forwarder will maintain data in the output QUEUE. Correct or Incorrect?

The use of btprobe requires stopping splunk on whatever system you‘re running it on. Correct or Incorrect?

Which installer would you use to install a search head?

Which configuration file tells a Splunk instance to ingest data?

This command will create stanza(s) in which file? splunk add forward-server indexer:recieving-port

Which of the following are true about splunkd:

What counts against your daily license quota?

What is the Default Metadata Setting when you index a data source?

After clicking on Add Data and navigating to Setting > Data inputs > Add New, what are the 3 data options are provided?

Once created in the Web UI, the input configuration is saved in _________.

Which types of data does Splunk support?

What are the ways you can add data inputs into Splunk?

Which of the following statements are true in a production environment:(Choose all that apply)

Indexers listen on ________ for the forwarded data.

On a Universal Forwarder, what is the output bandwidth constrained to by default?

Which file do Forwarders require to be configured to send data to indexers?