SPLK-2001 Exam Dumps : Splunk Certified Developer Exam

The correct answer is A because the /servicesNS/-/data/saved/searches/mySearch endpoint path can be used by someone with a power user role to access information about mySearch, a saved search owned by someone with a user role. The /servicesNS/-/data/saved/searches endpoint returns information about saved searches in a specific namespace. The - symbol in the URI means that the user and app context are inherited from the current session. Therefore, a power user can access the saved search information by using the - symbol, assuming the permissions are set appropriately. The other options are incorrect because they either use invalid endpoints or do not specify the user and app context correctly. You can find more information about the /servicesNS endpoint and the namespace in the Splunk REST API Reference Manual.

 The correct answer is A and B, because for a KV Store, a lookup stanza in the transforms.conf file must contain the collection and fields_list attributes. A lookup stanza is a configuration section in the transforms.conf file that defines the properties of a lookup, such as the lookup type, the lookup file or collection, the input and output fields, and the match type. A lookup is a feature that allows Splunk to enrich the events with additional data from an external source, such as a CSV file or a KV Store collection. For a KV Store lookup, the lookup stanza must have the collection attribute, which specifies the name of the KV Store collection to use, and the fields_list attribute, which specifies the fields to return from the KV Store collection2. The external_type and internal_type attributes are not required for a KV Store lookup, but for a scripted lookup, which is a type of lookup that uses an external script to perform the lookup operation.

The correct answer is A, B, and D, because they are all items that can be configured in inputs.conf. Inputs.conf is a configuration file that defines how Splunk ingests data from various sources, such as files, directories, network ports, scripts, or modular inputs. A modular input written in Python is a type of input that allows Splunk to ingest data from a custom source using a Python script. A file input monitoring a JSON file is a type of input that allows Splunk to monitor a file or directory for new or updated data in JSON format. An HTTP Event Collector as receiver of data from an app is a type of input that allows Splunk to receive data from an app via HTTP or HTTPS requests. A custom search command written in Python is not an item that can be configured in inputs.conf, but in commands.conf.