An organization wants to collect Windows performance data from a set of clients; however, installing Splunk software on these clients is not allowed. What option is available to collect this data in Splunk Enterprise?
A. Use Local Windows host monitoring.
B. Use Windows Remote Inputs with WMI.
C. Use Local Windows network monitoring.
D. Use an index with an Index Data Type of Metrics.
"The Splunk platform collects remote Windows data for indexing in one of two ways: From Splunk forwarders, Using Windows Management Instrumentation (WMI). For Splunk Cloud deployments, you must use the Splunk Universal Forwarder on a Windows machine to monitor remote Windows data."
Which additional component is required for a search head cluster?
A. Deployer
B. Cluster Master
C. Monitoring Console
D. Management Console
The deployer. This is a Splunk Enterprise instance that distributes apps and other configurations to the cluster members. It stands outside the cluster and cannot run on the same instance as a cluster member. It can, however, under some circumstances, reside on the same instance as other Splunk Enterprise components, such as a deployment server or an indexer cluster master node.
Given a forwarder with the following outputs.conf configuration:
[tcpout:mypartner]
server = 145.188.183.184:9097
[tcpout:hfbank]
server = inputs1.mysplunkhfs.corp:9997, inputs2.mysplunkhfs.corp:9997
Which of the following is a true statement?
A. Data will continue to flow to hfbank if 145.188.183.184:9097 is unreachable.
B. Data is not encrypted to mypartner because 145.188.183.184:9097 is specified by IP.
C. Data is encrypted to mypartner because 145.188.183.184:9097 is specified by IP.
D. Data will eventually stop flowing everywhere if 145.188.183.184:9097 is unreachable.
Explanation:
The outputs.conf file defines how forwarders send data to receivers. You can specify some output configurations at installation time (Windows universal forwarders only) or the CLI, but most advanced configuration settings require that you edit outputs.conf.
The [tcpout:…] stanza specifies a group of forwarding targets that receive data over TCP. You can define multiple groups with different names and settings.
The server setting lists one or more receiving hosts for the group, separated by commas. If you specify multiple hosts, the forwarder load balances the data across them.
Therefore, option A is correct, because the forwarder will send data to both inputs1.mysplunkhfs.corp:9997 and inputs2.mysplunkhfs.corp:9997, even if 145.188.183.184:9097 is unreachable.
Which default Splunk role could be assigned to provide users with the following
capabilities?
Create saved searches
Edit shared objects and alerts
Not allowed to create custom roles
A. admin
B. power
C. user
D. splunk-system-role
The power role is a default Splunk role that grants users the ability to create saved searches, edit shared objects and alerts, and access advanced search commands. However, the power role does not allow users to create custom roles, which is a privilege reserved for the admin role. Therefore, option B is the correct answer.
What conf file needs to be edited to set up distributed search groups?
A. props.conf
B. search.conf
C. distsearch.conf
D. distibutedsearch.conf
Explanation: "You can group your search peers to facilitate searching on a subset of them. Groups of search peers are known as "distributed search groups." You specify distributed search groups in the distsearch.conf file"
Consider a company with a Splunk distributed environment in production. The Compliance Department wants to start using Splunk; however, they want to ensure that no one can see their reports or any other knowledge objects. Which Splunk Component can be added to implement this policy for the new team?
A. Indexer
B. Deployment server
C. Universal forwarder
D. Search head