SPLK-1003 Exam Dumps

181 Questions


Last Updated On : 24-Feb-2025



Turn your preparation into perfection. Our Splunk SPLK-1003 exam dumps are the key to unlocking your exam success. SPLK-1003 practice test helps you understand the structure and question types of the actual exam. This reduces surprises on exam day and boosts your confidence.

Passing is no accident. With our expertly crafted Splunk SPLK-1003 exam questions, you’ll be fully prepared to succeed.

Which feature of Splunk’s role configuration can be used to aggregate multiple roles intended for groups of users?


A. Linked roles


B. Grantable roles


C. Role federation


D. Role inheritance





D.
  Role inheritance

A configuration file in a deployed app needs to be directly edited. Which steps would ensure a successful deployment to clients?


A. Make the change in $SPLUNK_HOME/etc/deployment-apps/$appName/local/ on the deployment server, and the change will be automatically sent to the deployment clients.


B. Make the change in $SPLUNK_HOME/etc/apps/$appname/local/ on any of the deployment clients, and then run the command ./splunk reload deploy-server to push that change to the deployment server.


C. Make the change in $SPLUNK_HOME/etc/deployment-apps/$appName/local/ on the deployment server, and then run $SPLUNK_HOME/bin/splunk reload deploy-server.


D. Make the change in $SPLUNK_HOME/etc/apps/$appName/default on the deployment server, and it will be distributed down to the clients' own local versions.





C.
  Make the change in $SPLUNK_HOME/etc/deployment-apps/$appName/local/ on the deployment server, and then run $SPLUNK_HOME/bin/splunk reload deploy-server.

Explanation: According to the Splunk documentation [1], to customize a configuration file, you need to create a new file with the same name in a local or app directory. Then, add the specific settings that you want to customize to the local configuration file. Never change or copy the configuration files in the default directory. The files in the default directory must remain intact and in their original location. The Splunk Enterprise upgrade process overwrites the default directory.
To deploy configuration files to deployment clients, you need to use the deployment server. The deployment server is a Splunk Enterprise instance that distributes content and updates to deployment clients [2]. The deployment server uses a directory called $SPLUNK_HOME/etc/deployment-apps to store the apps and configuration files that it deploys to clients [2]. To update the configuration files in this directory, you need to edit them manually and then run the command $SPLUNK_HOME/bin/splunk reload deploy-server to make the changes take effect [2].
Therefore, option A is incorrect because it does not include the reload command. Option B is incorrect because it makes the change on a deployment client instead of the deployment server. Option D is incorrect because it changes the default directory instead of the local directory.

What is an example of a proper configuration for CHARSET within props.conf?


A. [host::server.splunk.com]
CHARSET = BIG5


B. [index::main]
CHARSET = BIG5


C. [sourcetype::son]
CHARSET = BIG5


D. [source::/var/log/splunk]
CHARSET = BIG5





A.
  [host::server.splunk.com]
CHARSET = BIG5

Explanation: According to the Splunk documentation [1], to manually specify a character set for an input, you need to set the CHARSET key in the props.conf file. You can specify the character set by host, source, or sourcetype, but not by index.
https://docs.splunk.com/Documentation/Splunk/latest/Data/Configurecharactersetencoding

What type of data is counted against the Enterprise license at a fixed 150 bytes per event?


A. License data


B. Metrics data


C. Internal Splunk data


D. Internal Windows logs





B.
  Metrics data


What is the valid option for a [monitor] stanza in inputs.conf?


A. enabled


B. datasource


C. Server_name


D. ignoreOlderThan





D.
  ignoreOlderThan

Explanation: Setting: ignoreOlderThan = Description: "Causes the input to stop checking files for updates if the file modification time has passed the threshold." Default: 0 (disabled)

Using the CLI on the forwarder, how could the current forwarder to indexer configuration be viewed?


A. splunk btool server list --debug


B. splunk list forward-indexer


C. splunk list forward-server


D. splunk btool indexes list --debug





C.
  splunk list forward-server

