The universal forwarder is recommended for forwarding logs to indexers.
A. False
B. True
Field names are case sensitive
A. True
B. False
In the fields sidebar, what indicates that a field is numeric?
A. A number to the right of the field name
B. A # symbol to the left of the field name
C. A lowercase n to the left of the field name
D. A lowercase n to the right of the field name
Data sources being opened and read applies to:
A. None of the above
B. Indexing Phase
C. Parsing Phase
D. Input Phase
E. License Metering
Query - status != 100:
A. Will return events where the status field exists but its value is not 100.
B. Will return events where the status field exists but its value is not 100, plus all events where the status field does not exist.
C. Will get different results depending on data
Which search would return events from the access_combined sourcetype?
A. Sourcetype=access_combined
B. Sourcetype=Access_Combined
C. sourcetype=Access_Combined
D. SOURCETYPE=access_combined
Explanation: The search query sourcetype=access_combined would return events from the access_combined sourcetype, which is a predefined sourcetype in Splunk that matches the access-common or access-combined Apache logging formats. The sourcetype field is case-sensitive, so using different capitalization such as Access_Combined or ACCESS_COMBINED would not match the exact sourcetype name. The sourcetype field is also a default field that is added by the indexer when it indexes the data, so it does not need to be enclosed in quotation marks.