- Email support@dumps4free.com
What will the following inputs. conf stanza do?
[script://myscript . sh]
Interval=0
A. The script will run at the default interval of 60 seconds.
B. The script will not be run.
C. The script will be run only once for each time Splunk is restarted.
D. The script will be run. As soon as the script exits, Splunk restarts it.
Explanation:
The inputs.conf file is used to configure inputs, distributed inputs such as
forwarders, and file system monitoring in Splunk1.
The [script://myscript.sh] stanza specifies a script input, which means that Splunk
runs the script and indexes its output1.
The interval setting determines how often Splunk runs the script. If the interval is
set to 0, the script runs only once when Splunk starts up1. If the interval is omitted,
the script runs at the default interval of 60 seconds2.
Therefore, option C is correct, and the other options are incorrect.
A configuration file in a deployed app needs to be directly edited. Which steps would ensure a successful deployment to clients?
A. Make the change in $SPLUNK HOME/etc/dep10yment apps/$appName/10ca1/ on the deployment server, and the change will be automatically sent to the deployment clients.
B. Make the change in $SPLUNK HOME /etc/apps/$appname/local/ on any of the deployment clients, and then run the command . / splunk reload deploy-server to push that change to the deployment server.
C. Make the change in $SPLUNK HOME/etc/dep10yment apps/$appName/10ca1/ on the deployment server, and then run $SPLUNK HOME/bin/sp1unk reload deploy—server.
D. Make the change in $SPLUNK HOME/etc/apps/$appName/defau1t on the deployment server, and it will be distributed down to the clients' own local versions.
Explanation: According to the Splunk documentation1, to customize a configuration file,
you need to create a new file with the same name in a local or app directory. Then, add the
specific settings that you want to customize to the local configuration file. Never change or
copy the configuration files in the default directory. The files in the default directory must
remain intact and in their original location. The Splunk Enterprise upgrade process
overwrites the default directory.
To deploy configuration files to deployment clients, you need to use the deployment
server. The deployment server is a Splunk Enterprise instance that distributes content and
updates to deployment clients2. The deployment server uses a directory called
$SPLUNK_HOME/etc/deployment-apps to store the apps and configuration files that
itdeploys to clients2. To update the configuration files in this directory, you need to edit
them manually and then run the command $SPLUNK_HOME/bin/sp1unk reload
deploy—server to make the changes take effect2.
Therefore, option A is incorrect because it does not include the reload command. Option B
is incorrect because it makes the change on a deployment client instead of the deployment
server. Option D is incorrect because it changes the default directory instead of the local
directory.
Using the CLI on the forwarder, how could the current forwarder to indexer configuration be viewed?
A. splunk btool server list --debug
B. splunk list forward-indexer
C. splunk list forward-server
D. splunk btool indexes list --debug
Which of the following are required when defining an index in indexes. conf? (select all that apply)
A. coldPath
B. homePath
C. frozenPath
D. thawedPath
Which of the following monitor inputs stanza headers would match all of the following files?
/var/log/www1/secure.log
/var/log/www/secure.l
/var/log/www/logs/secure.logs
/var/log/www2/secure.log
A. [monitor:///var/log/.../secure.*
B. [monitor:///var/log/www1/secure.*]
C. [monitor:///var/log/www1/secure.log]
D. [monitor:///var/log/www*/secure.*]
| Page 7 out of 37 Pages |
| Previous |