Where can scripts for scripted inputs reside on the host file system? (Choose all that apply.)

The priority of layered Splunk configuration files depends on the file‘s:

When configuring monitor inputs with whitelists or blacklists, what is the supported method of filtering the lists?

What is required when adding a native user to Splunk? (Choose all that apply.)

What are the minimum required settings when creating a network input in Splunk?

Which Splunk component requires a Forwarder license?

Which optional configuration setting in inputs.conf allows you to selectively forward the data to specific indexer(s)?

To set up a network input in Splunk, what needs to be specified?

Which Splunk forwarder type allows parsing of data before forwarding to an indexer?

Which of the following statements describe deployment management? (Choose all that apply.)

During search time, which directory of configuration files has the highest precedence?

Within props.conf, which stanzas are valid for data modification? (Choose all that apply.)

What is the correct order of steps in Duo Multifactor Authentication?

When running the command shown below, what is the default path in which deploymentserver.conf is created? splunk set deploy-poll deployServer:port

How does the Monitoring Console monitor forwarders?

What is required when adding a native user to Splunk? (Select all that apply.)

Which of the following are supported options when configuring optional network inputs?

What is the default character encoding used by Splunk during the input phase?

Which of the following enables compression for universal forwarders in outputs.conf?

User role inheritance allows what to be inherited from the parent role? (Choose all that apply.)

Which of the following statements apply to directory inputs? (Choose all that apply.)

How would you configure your distsearch.conf to allow you to run the search below? sourcetype=access_combined status=200 action=purchase splunk_server_group=HOUSTON

Which of the following is a valid distributed search group?

Local user accounts created in Splunk store passwords in which file?

For single line event sourcetypes, it is most efficient to set SHOULD_LINEMERGE to what value?

The universal forwarder has which capabilities when sending data? (Choose all that apply.)

You can unlock a user from the command line. Correct or Incorrect?

You have to configure a separate receiving port on the indexer for each universal forwarder. Correct or Incorrect?

When a Universal Forwarder is installed on Windows, the instance provides a GUI. Correct or Incorrect?

Knowledge bundles contain the knowledge objects required by the indexers for searching. Correct or Incorrect?

A quarantined search peer is prevented from performing new searches but continues to attempt to service any currently running search. Correct or Incorrect?

Search Head Clustering and Indexer clustering are the only two types of clustering provided by Splunk. Correct or Incorrect?

Monitoring Console (MC) can be used by the user and power user roles. Correct or Incorrect?

MC runs un-configured in standalone mode by default. Correct or Incorrect?

The Monitoring Console does not come with preconfigured health checks. Correct or Incorrect?

Health checks can be disabled, modified, created and exported. Correct or Incorrect?

Splunk Enterprise versions 6.5+ provides warnings, but does not disable searching during the violation period. Correct or Incorrect?

Which setting in indexes.conf allows data retention to be controlled by time?

If you want a role that is “like“ the user role, but with some capabilities turned off, you can create a new role that inherits from the user role, then remove some capabilities. Correct or Incorrect?

In case of a conflict between a whitelist and a blacklist input setting, which one is used?

In which Splunk configuration is the SEDCMD used?

Which of the following are supported configuration methods to add inputs on a forwarder? (Choose all that apply.)

Which parent directory contains the configuration files in Splunk?

Which forwarder type can parse data prior to forwarding?

Which Splunk component consolidates the individual results and prepares reports in a distributed environment?

Which Splunk component distributes apps and certain other configuration updates to search head cluster members?

Where should apps be located on the deployment server that the clients pull from?

This file has been manually created on a universal forwarder: /opt/splunkforwarder/etc/apps/my_TA/local/inputs.conf [monitor:///var/log/messages] sourcetype=syslog index=syslog A new Splunk admin comes in and connects the universal forwarders to a deployment server and deploys the same app with a new inputs.conf file: /opt/splunk/etc/deployment-apps/my_TA/local/inputs.conf [monitor:///var/log/maillog] sourcetype=maillog index=syslog Which file is now monitored?

In which phase of the index time process does the license metering occur?

You update a props.conf file while Splunk is running. You do not restart Splunk and you run this command: splunk btool props list ′“-debug. What will the output be?