SPLK-1003 Practice Questions

Which of the following enables compression for universal forwarders in outputs. conf ?

A)

B)

C)

D)

A user recently installed an application to index NCINX access logs. After configuring the application, they realize that no data is being ingested. Which configuration file do they need to edit to ingest the access logs to ensure it remains unaffected after upgrade?

What is an example of a proper configuration for CHARSET within props.conf?

How would you configure your distsearch conf to allow you to run the search below? sourcetype=access_combined status=200 action=purchase splunk_setver_group=HOUSTON

A)

B)

C)

D)

Which of the following is the use case for the deployment server feature of Splunk?

In this example, ifuseACKis set to true and themaxQueueSizeis set to 7MB, what is the size of the wait queue on this universal forwarder?

Which of the following are methods for adding inputs in Splunk? (select all that apply)

In this source definition the MAX_TIMESTAMP_LOOKHEAD is missing. Which value would fit best?

Event example:

Syslog files are being monitored on a Heavy Forwarder.

Where would the appropriate TRANSFORMS setting be deployed to reroute logs based on the event message?

When using license pools, volume allocations apply to which Splunk components?