SPLK-2001 Exam Dumps : Splunk Certified Developer Exam

The correct answer is C, because omitting the value of _key from the REST endpoint would cause all records in a collection to be deleted. The _key is a unique identifier for each record in a KV Store collection. The REST endpoint for deleting a record from a collection is /storage/collections/data//, where is the name of the collection and is the value of _key. If the is omitted, the REST endpoint becomes /storage/collections/data/, which deletes all records in the collection. The other options are incorrect because they are not the consequences of omitting the value of _key from the REST endpoint. Cleaning the KV store, deleting all content would require deleting all collections, not just one. Producing the syntax error “Key value missing” would not happen, because the REST endpoint is valid without the value. Meaning that the _key value must be passed as an argument would not make sense, because the argument is the same as the value in the REST endpoint.

The correct answer is A because the /servicesNS/-/data/saved/searches/mySearch endpoint path can be used by someone with a power user role to access information about mySearch, a saved search owned by someone with a user role. The /servicesNS/-/data/saved/searches endpoint returns information about saved searches in a specific namespace. The - symbol in the URI means that the user and app context are inherited from the current session. Therefore, a power user can access the saved search information by using the - symbol, assuming the permissions are set appropriately. The other options are incorrect because they either use invalid endpoints or do not specify the user and app context correctly. You can find more information about the /servicesNS endpoint and the namespace in the Splunk REST API Reference Manual.

 The correct answer is B, C, and D because these are the ways to enable indexer acknowledgement for HTTP Event Collector (HEC). Indexer acknowledgement is a feature that ensures that the data sent to HEC is successfully indexed by Splunk before deleting it from the sender. Option B is correct because you can use a REST request to create a token with the indexer_ack property set to 1. Option C is correct because you can select the checkbox labeled “Enable indexer acknowledgment” when creating a new HEC token in Splunk Web. Option D is correct because you can select the checkbox labeled “Enable indexer acknowledgment” when updating the Global Settings for HEC in Splunk Web. Option A is incorrect because indexer acknowledgment is not turned on by default. You can find more information about indexer acknowledgment for HEC in the Splunk Developer Guide.