Question 1

Which of the following describe migration from single-site to multisite index replication?

Accepted Answer

A)  A master node is required at each site. 
B)  Multisite policies apply to new data only. 
C)  Single-site buckets instantly receive the multisite policies. 
D)  Multisite total values should not exceed any single-site factors. 
A)  A master node is required at each site. 
B)  Multisite policies apply to new data only. 
C)  Single-site buckets instantly receive the multisite policies. 
D)  Multisite total values should not exceed any single-site factors.

Question 2

Indexing is slow and real-time search results are delayed in a Splunk environment with two indexers and one search head. There is ample CPU and memory available on the indexers. Which of the following is most likely to improve indexing performance?

Accepted Answer

A)  Increase the maximum number of hot buckets in indexes.conf Increase the maximum number of hot buckets in indexes.conf 
B)  Increase the number of parallel ingestion pipelines in server.conf Increase the number of parallel ingestion pipelines in server.conf 
C)  Decrease the maximum size of the search pipelines in limits.conf Decrease the maximum size of the search pipelines in limits.conf 
D)  Decrease the maximum concurrent scheduled searches in limits.conf Decrease the maximum concurrent scheduled searches in 
A)  Increase the maximum number of hot buckets in indexes.conf Increase the maximum number of hot buckets in indexes.conf 
B)  Increase the number of parallel ingestion pipelines in server.conf Increase the number of parallel ingestion pipelines in server.conf 
C)  Decrease the maximum size of the search pipelines in limits.conf Decrease the maximum size of the search pipelines in limits.conf 
D)  Decrease the maximum concurrent scheduled searches in limits.conf Decrease the maximum concurrent scheduled searches in

Question 3

A new Splunk customer is using syslog to collect data from their network devices on port 514. What is the best practice for ingesting this data into Splunk?

Accepted Answer

A)  Configure syslog to send the data to multiple Splunk indexers. 
B)  Use a Splunk indexer to collect a network input on port 514 directly. 
C)  Use a Splunk forwarder to collect the input on port 514 and forward the data. 
D)  Configure syslog to write logs and use a Splunk forwarder to collect the logs. 
A)  Configure syslog to send the data to multiple Splunk indexers. 
B)  Use a Splunk indexer to collect a network input on port 514 directly. 
C)  Use a Splunk forwarder to collect the input on port 514 and forward the data. 
D)  Configure syslog to write logs and use a Splunk forwarder to collect the logs.

Question 4

What log file would you search to verify if you suspect there is a problem interpreting a regular expression in a monitor stanza?

Accepted Answer

A)  btool.log 
B)  metrics.log 
C)  splunkd.log 
D)  tailing_processor.log 
A)  btool.log 
B)  metrics.log 
C)  splunkd.log 
D)  tailing_processor.log

Question 5

A Splunk architect has inherited the Splunk deployment at Buttercup Games and end users are complaining that the events are inconsistently formatted for a web sourcetype. Further investigation reveals that not all web logs flow through the same infrastructure: some of the data goes through heavy forwarders and some of the forwarders are managed by another department. Which of the following items might be the cause for this issue?

Accepted Answer

A)  The search head may have different configurations than the indexers. 
B)  The data inputs are not properly configured across all the forwarders. 
C)  The indexers may have different configurations than the heavy forwarders. 
D)  The forwarders managed by the other department are an older version than the rest. 
A)  The search head may have different configurations than the indexers. 
B)  The data inputs are not properly configured across all the forwarders. 
C)  The indexers may have different configurations than the heavy forwarders. 
D)  The forwarders managed by the other department are an older version than the rest.

Which of the following describe migration from single-site to multisite index replication?

Indexing is slow and real-time search results are delayed in a Splunk environment with two indexers and one search head. There is ample CPU and memory available on the indexers. Which of the following is most likely to improve indexing performance?

A new Splunk customer is using syslog to collect data from their network devices on port 514. What is the best practice for ingesting this data into Splunk?

What log file would you search to verify if you suspect there is a problem interpreting a regular expression in a monitor stanza?

Splunk Core Certified User

Splunk Enterprise Certified Admin

Splunk Certified Developer

Splunk Enterprise Certified Architect

Splunk IT Service Intelligence Certified Admin

Splunk Core Certified Consultant

Filters

Exam 5: Splunk Enterprise Security Certified Admin

Which of the following describe migration from single-site to multisite index replication?

Indexing is slow and real-time search results are delayed in a Splunk environment with two indexers and one search head. There is ample CPU and memory available on the indexers. Which of the following is most likely to improve indexing performance?

A new Splunk customer is using syslog to collect data from their network devices on port 514. What is the best practice for ingesting this data into Splunk?

What log file would you search to verify if you suspect there is a problem interpreting a regular expression in a monitor stanza?

Splunk Core Certified User

Splunk Enterprise Certified Admin

Splunk Certified Developer

Splunk Enterprise Certified Architect

Splunk IT Service Intelligence Certified Admin

Splunk Core Certified Consultant

Filters