SPLK-1003 Splunk Exam Lab Questions

Splunk Enterprise Certified Admin Questions and Answers

Question 41

Which of the following statements apply to directory inputs? {select all that apply)

All discovered text files are consumed.

Compressed files are ignored by default

Splunk recursively traverses through the directory structure.

When adding new log files to a monitored directory, the forwarder must be restarted to take them into account.

Question 42

What is the default value of LINE_BREAKER?

\r\n

([\r\n]+)

\r+\n+

(\r\n+)

Question 43

Consider the following stanza in inputs.conf:

What will the value of the source filed be for events generated by this scripts input?

/opt/splunk/ecc/apps/search/bin/liscer.sh

unknown

liscer

liscer.sh

Question 44

Where can scripts for scripted inputs reside on the host file system? (select all that apply)

$SFLUNK_HOME/bin/scripts

$SPLUNK_HOME/etc/apps/bin

$SPLUNK_HOME/etc/system/bin

$S?LUNK_HOME/etc/apps//bin_