ExamGecko
Search Search Login
Home Home / Splunk / SPLK-2002
Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

How can internal logging levels in a Splunk environment be changed to troubleshoot an issue? (select all that apply)
What does the deployer do in a Search Head Cluster (SHC)? (Select all that apply.)
Which of the following will cause the greatest reduction in disk size requirements for a cluster of N indexers running Splunk Enterprise Security?
Which of the following describe migration from single-site to multisite index replication?
When should a Universal Forwarder be used instead of a Heavy Forwarder?
A customer has a four site indexer cluster. The customer has requirements to store five copies of searchable data, with one searchable copy of data at the origin site, and one searchable copy at the disaster recovery site (site4). Which configuration meets these requirements?
The guidance Splunk gives for estimating size on for syslog data is 50% of original data size. How does this divide between files in the index?
Search dashboards in the Monitoring Console indicate that the distributed deployment is approaching its capacity. Which of the following options will provide the most search performance improvement?
Stakeholders have identified high availability for searchable data as their top priority. Which of the following best addresses this requirement?
What does setting site=site0 on all Search Head Cluster members do in a multi-site indexer cluster?

Question 89 - SPLK-2002 discussion

Report
Export

Which of the following options can improve reliability of syslog delivery to Splunk? (Select all that apply.)

A.

Use TCP syslog.

Answers
A.

Use TCP syslog.

B.

Configure UDP inputs on each Splunk indexer to receive data directly.

Answers
B.

Configure UDP inputs on each Splunk indexer to receive data directly.

C.

Use a network load balancer to direct syslog traffic to active backend syslog listeners.

Answers
C.

Use a network load balancer to direct syslog traffic to active backend syslog listeners.

D.

Use one or more syslog servers to persist data with a Universal Forwarder to send the data to Splunk indexers.

Answers
D.

Use one or more syslog servers to persist data with a Universal Forwarder to send the data to Splunk indexers.

Suggested answer: A, D

Explanation:

Syslog is a standard protocol for sending log messages from various devices and applications to a central server. Syslog can use either UDP or TCP as the transport layer protocol. UDP is faster but less reliable, as it does not guarantee delivery or order of the messages. TCP is slower but more reliable, as it ensures delivery and order of the messages. Therefore, to improve the reliability of syslog delivery to Splunk, it is recommended to use TCP syslog.

Another option to improve the reliability of syslog delivery to Splunk is to use one or more syslog servers to persist data with a Universal Forwarder to send the data to Splunk indexers. This way, the syslog servers can act as a buffer and store the data in case of network or Splunk outages. The Universal Forwarder can then forward the data to Splunk indexers when they are available.

Using a network load balancer to direct syslog traffic to active backend syslog listeners is not a reliable option, as it does not address the possibility of data loss or duplication due to network failures or Splunk outages. Configuring UDP inputs on each Splunk indexer to receive data directly is also not a reliable option, as it exposes the indexers to the network and increases the risk of data loss or duplication due to UDP limitations.

Show Answer
asked 13/11/2024
Rick James
43 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms