For single line event sourcetypes, it is most efficient to set SHOULD_LINEMERGE to what value?
A. True
B. False
C.
D. Newline Character
Description: When set to true, the Splunk platform combines several input lines into a single event, with configuration based on the settings described in the next section.
Which of the following types of data count against the license daily quota?
A. Replicated data
B. splunkd logs
C. Summary index data
D. Windows internal logs
Which of the following indexes come pre-configured with Splunk Enterprise? (select all that apply)
A. _license
B. _internal
C. _external
D. _thefishbucket
Which forwarder type can parse data prior to forwarding?
A. Universal forwarder
B. Heaviest forwarder
C. Hyper forwarder
D. Heavy forwarder
What conf file needs to be edited to set up distributed search groups?
A. props.conf
B. search.conf
C. distsearch.conf
D. distibutedsearch.conf
Explanation: "You can group your search peers to facilitate searching on a subset of them. Groups of search peers are known as 'distributed search groups.' You specify distributed search groups in the distsearch.conf file."
Which of the following enables compression for universal forwarders in outputs.conf?
A. Option A
B. Option B
C. Option C
D. Option D
# Compression
#
# This example sends compressed events to the remote indexer.
# NOTE: Compression can be enabled TCP or SSL outputs only.
# The receiver input port should also have compression enabled.
[tcpout]
server = splunkServer.example.com:4433
compressed = true