
Splunk SPLK-1003 Based on Real Exam Environment

Page: 3 / 14
Total 185 questions

Splunk Enterprise Certified Admin Questions and Answers

Question 9

Which Splunk component does a search head primarily communicate with?

Options:

A. Indexer
B. Forwarder
C. Cluster master
D. Deployment server

Question 10

Which of the following configuration files are used with a universal forwarder? (Choose all that apply.)

Options:

A. inputs.conf
B. monitor.conf
C. outputs.conf
D. forwarder.conf

Question 11

Which of the following monitor inputs stanza headers would match all of the following files?

/var/log/www1/secure.log

/var/log/www/secure.l

/var/log/www/logs/secure.logs

/var/log/www2/secure.log

Options:

A. [monitor:///var/log/.../secure.*]
B. [monitor:///var/log/www1/secure.*]
C. [monitor:///var/log/www1/secure.log]
D. [monitor:///var/log/www*/secure.*]

Question 12

A non-clustered Splunk environment has three indexers (A, B, C) and two search heads (X, Y). During a search executed on search head X, indexer A crashes. What is Splunk's response?

Options:

A. Update the user in Splunk Web informing them that the results of their search may be incomplete.
B. Repeat the search request on indexer B without informing the user.
C. Update the user in Splunk Web that their results may be incomplete and that Splunk will try to re-execute the search.
D. Inform the user in Splunk Web that their results may be incomplete and have them attempt the search from search head Y.
