Within props. conf, which stanzas are valid for data modification? (select all that apply)
Where are license files stored?
Answer : C
Which feature of Splunk's role configuration can be used to aggregate multiple roles intended for groups of
users?
Which additional component is required for a search head cluster?
Answer : A
The deployer. This is a Splunk Enterprise instance that distributes apps and other configurations to the cluster members. It stands outside the cluster and cannot run on the same instance as a cluster member. It can, however, under some circumstances, reside on the same instance as other Splunk Enterprise components, such as a deployment server or an indexer cluster master node.
A company moves to a distributed architecture to meet the growing demand for the use of Splunk. What parameter can be configured to enable automatic load balancing in the
Universal Forwarder to send data to the indexers?
Answer : D
To enable automatic load balancing, set the stanza to have a server value equal to a comma-separated list of IP addresses and indexer ports for each of the indexers in the environment. For example:
[tcpout] server=10.1.1.1:9997,10.1.1.2:9997,10.1.1.3:9997
The forwarder then distributes data across all of the indexers in the list.
In which scenario would a Splunk Administrator want to enable data integrity check when creating an index?
Answer : D
Which file will be matched for the following monitor stanza in inputs. conf?
[monitor: ///var/log/*/bar/*. txt]
Answer : C
The correct answer is C. /var/log/host_460352847/bar/file/foo.txt.
The monitor stanza in inputs.conf is used to configure Splunk to monitor files and directories for new data. The monitor stanza has the following syntax1:
[monitor://<input path>]
The input path can be a file or a directory, and it can include wildcards (*) and regular expressions. The wildcards match any number of characters, including none, while the regular expressions match patterns of characters. The input path is case-sensitive and must be enclosed in double quotes if it contains spaces1.
In this case, the input path is /var/log//bar/.txt, which means Splunk will monitor any file with the .txt extension that is located in a subdirectory named bar under the /var/log directory. The subdirectory bar can be at any level under the /var/log directory, and the * wildcard will match any characters before or after the bar and .txt parts1.
Therefore, the file /var/log/host_460352847/bar/file/foo.txt will be matched by the monitor stanza, as it meets the criteria. The other files will not be matched, because:
A . /var/log/host_460352847/temp/bar/file/csv/foo.txt has a .csv extension, not a .txt extension.
B . /var/log/host_460352847/bar/foo.txt is not located in a subdirectory under the bar directory, but directly in the bar directory.
D . /var/log/host_460352847/temp/bar/file/foo.txt is located in a subdirectory named file under the bar directory, not directly in the bar directory.