- Email support@dumps4free.com
Which of the following are supported configuration methods to add inputs on a forwarder? (select all that apply)
A. CLI
B. Edit inputs . conf
C. Edit forwarder.conf
D. Forwarder Management
Explanation:
https://docs.splunk.com/Documentation/Forwarder/8.2.1/Forwarder/HowtoforwarddatatoSplunkEnterprise
"You can collect data on the universal forwarder using several methods. Define inputs on the universal forwarder with the CLI. You can use the CLI to define inputs on the universal forwarder. After you define the inputs, the universal forwarder collects data based on those definitions as long as it has access to the data that you want to monitor. Define inputs on the universal forwarder with configuration files. If the input you want to configure does not have a CLI argument for it, you can configure inputs with configuration files. Create an inputs.conf file in the directory, $SPLUNK_HOME/etc/system/local
Which network input option provides durable file-system buffering of data to mitigate data loss due to network outages and splunkd restarts?
A. diskQueueSize
B. durableQueueSize
C. persistentOueueSize
D. queueSize
Reference:
https://docs.splunk.com/Documentation/SplunkCloud/8.2.2111/Data/Usepersistentqueues
Which of the following are available input methods when adding a file input in Splunk Web? (Choose all that apply.)
A. Index once.
B. Monitor interval.
C. On-demand monitor.
D. Continuously monitor.
Explanation:
https://docs.splunk.com/Documentation/Splunk/8.2.2/Data/Howdoyouwanttoadddata
The fastest way to add data to your Splunk Cloud instance or Splunk Enterprise deployment is to use Splunk Web. After you access the Add Data page, choose one of three options for getting data into your Splunk platform deployment with Splunk Web:
(1) Upload
(2) Monitor
(3) Forward The Upload option lets you upload a file or archive of files for indexing.
When you choose Upload option, Splunk Web opens the upload processpage. Monitor. For Splunk Enterprise installations, the Monitor option lets you monitor one or more files, directories, network streams, scripts, Event Logs (on Windows hosts only), performance metrics, or any other type of machine data that the Splunk Enterprise instance has access to.
In a customer managed Splunk Enterprise environment, what is the endpoint URI used to collect data?
A. services/ collector
B. services/ inputs ? raw
C. services/ data/ collector
D. data/ collector
Explanation:
The answer to your question is C. services/data/collector. This is the endpoint URI used to collect data in a customer managed Splunk Enterprise environment.According to the Splunk documentation1, “The HTTP Event Collector REST API endpoint is /services/data/collector.You can use this endpoint to send events to HTTP Event Collector on a Splunk Enterprise or Splunk Cloud Platform deployment.” You can also use this endpoint to send events to a specific token or index1. For example, you can use thefollowing curl command to send an event with the token 578254cc-05f5-46b5-957b-910d1400341a and the index main: curl -https://localhost:8088/services/data/collector -H'Authorization: Splunk 578254cc-05f5-46b5-957b-910d1400341a'-d'{"index":"main","event":"Hello, world!"}'
In which scenario would a Splunk Administrator want to enable data integrity check when creating an index?
A. To ensure that hot buckets are still open for writes and have not been forced to roll to a cold state
B. To ensure that configuration files have not been tampered with for auditing and/or legal purposes
C. To ensure that user passwords have not been tampered with for auditing and/or legal purposes.
D. To ensure that data has not been tampered with for auditing and/or legal purposes
| Page 2 out of 37 Pages |
| Previous |