Splunk Enterprise Certified Admin SPLK-1003 Dumps Questions

1. Which setting in indexes.confallows data retention to be controlled by time?

2. The universal forwarder has which capabilities when sending data? (Select all that apply.)

3. In case of a conflict between a whitelist and a blacklist input setting, which one is used?

4. In which Splunk configuration is the SEDCMDused?

5. Which of the following are supported configuration methods to add inputs on a forwarder? (Select all that apply.)

6. Which parent directory contains the configuration files in Splunk?

7. Which forwarder type can parse data prior to forwarding?

8. Which Splunk component consolidates the individual results and prepares reports in a distributed environment?

9. Which Splunk component distributes apps and certain other configuration updates to search head cluster members?

10. Where should apps be located on the deployment server that the clients pull from?

11. This file has been manually created on a universal forwarder:

/opt/splunkforwarder/etc/apps/my_TA/local/inputs.conf

[monitor:///var/log/messages]

sourcetype=syslog

index=syslog

A new Splunk admin comes in and connects the universal forwarders to a deployment server and deploys the same app with a new inputs.conf file:

/opt/splunk/etc/deployment-apps/my_TA/local/inputs.conf

[monitor:///var/log/maillog]

sourcetype=maillog

index=syslog

Which file is now monitored?

12. In which phase of the index time process does the license metering occur?

13. You update a props.conffile while Splunk is running. You do not restart Splunk and you run this command: splunk btool props list C-debug.

What will the output be?

14. When running the command shown below, what is the default path in which deploymentserver.conf is created? splunk set deploy-poll deployServer:port

15. The priority of layered Splunk configuration files depends on the file’s: