Dumps4free
Discount Offer
Go Back on SPLK-1003 Exam
Available in 1, 3, 6 and 12 Months Free Updates Plans
PDF: $15 $60

Test Engine: $20 $80

PDF + Engine: $25 $99



Pass exam with Dumps4free or we will provide you with three additional months of access for FREE.

SPLK-1003 Practice Test


Page 6 out of 37 Pages

Social Security Numbers (PII) data is found in log events, which is against company policy. SSN format is as follows: 123-44-5678. Which configuration file and stanza pair will mask possible SSNs in the log events?


A. props.conf
[mask-SSN]
REX = (?ms)^(.)\<[SSN>\d{3}-?\d{2}-?(\d{4}.*)$"
FORMAT = $1###-##-$2
KEY = _raw


B. props.conf
[mask-SSN]
REGEX = (?ms)^(.)\<[SSN>\d{3}-?\d{2}-?(\d{4}.*)$"
FORMAT = $1###-##-$2
DEST_KEY = _raw


C. transforms.conf
[mask-SSN]
REX = (?ms)^(.)\<[SSN>\d{3}-?\d{2}-?(\d{4}.*)$"
FORMAT = $1###-##-$2
DEST_KEY = _raw


D. transforms.conf
[mask-SSN]
REGEX = (?ms)^(.)\<[SSN>\d{3}-?\d{2}-?(\d{4}.*)$"
FORMAT = $1###-##-$2
DEST_KEY = _raw





D.   transforms.conf
[mask-SSN]
REGEX = (?ms)^(.)\<[SSN>\d{3}-?\d{2}-?(\d{4}.*)$"
FORMAT = $1###-##-$2
DEST_KEY = _raw

After configuring a universal forwarder to communicate with an indexer, which index can be checked via the Splunk Web UI for a successful connection?


A. index=main


B. index=test


C. index=summary


D. index=_internal





D.   index=_internal

What hardware attribute would need to be changed to increase the number of simultaneous searches (ad-hoc and scheduled) on a single search head?


A. Disk


B. CPUs


C. Memory


D. Network interface cards





B.   CPUs

Scroll down to section titled, How the cluster handles concurrent search quotas, "Overall search quota. This quota determines the maximum number of historical searches (combined scheduled and ad hoc) that the cluster can run concurrently. This quota is configured with max_Searches_per_cpu and related settings in limits.conf."

When deploying apps, which attribute in the forwarder management interface determines the apps that clients install?


A. App Class


B. Client Class


C. Server Class


D. Forwarder Class





C.   Server Class

Load balancing on a Universal Forwarder is not scaling correctly. The forwarder's outputs. and the tcpout stanza are setup correctly. What else could be the cause of this scaling issue? (select all that apply)


A. The receiving port is not properly setup to listen on the right port.


B. The inputs . conf'S _SYSZOG_ROVTING is not setup to use the right group names.


C. The DNS record used is not setup with a valid list of IP addresses.


D. The indexAndForward value is not set properly.





A.   The receiving port is not properly setup to listen on the right port.

C.   The DNS record used is not setup with a valid list of IP addresses.

Explanation: The possible causes of the load balancing issue on the Universal Forwarder are A and C. The receiving port and the DNS record are both factors that affect the ability of the Universal Forwarder to distribute data across multiple receivers. If the receiving port is not properly set up to listen on the right port, or if the DNS record used is not set up with a valid list of IP addresses, the Universal Forwarder might fail to connect to some or all of the receivers, resulting in poor load balancing.


Page 6 out of 37 Pages
Previous