SPLK-1003: Splunk Enterprise Certified Admin
Splunk
Related questions
In a customer managed Splunk Enterprise environment, what is the endpoint URI used to collect data?
Using SEDCMD in props.conf allows raw data to be modified. With the given event below, which option will mask the first three digits of the AcctID field, resulting in the output: [22/Oct/2018:15:50:21] VendorID=1234 Code=B AcctID=xxx5309
Event:
[22/Oct/2018:15:50:21] VendorID=1234 Code=B AcctID=xxx5309
Explanation:
https://docs.splunk.com/Documentation/Splunk/8.2.2/Data/Anonymizedata
Scroll down to the section titled "Define the sed script in props.conf", which shows an example of the correct syntax and validates that the number/character \1 immediately precedes the /g.
Which of the following statements describe deployment management? (select all that apply)
Explanation:
https://docs.splunk.com/Documentation/Splunk/8.2.2/Admin/Distdeploylicenses#:~:text=License%20requirements,do%20not%20index%20external%20data.
"All Splunk Enterprise instances functioning as management components need access to an Enterprise license. Management components include the deployment server, the indexer cluster manager node, the search head cluster deployer, and the monitoring console."
https://docs.splunk.com/Documentation/Splunk/8.2.2/Updating/Aboutdeploymentserver
"The deployment server is the tool for distributing configurations, apps, and content updates to groups of Splunk Enterprise instances."
Which is a valid stanza for a network input?
Explanation:
https://docs.splunk.com/Documentation/Splunk/8.1.1/Data/Monitornetworkports
Reference: https://docs.splunk.com/Documentation/SplunkCloud/8.0.2006/Data/Bypassautomaticsourcetypeassignment
What are the minimum required settings when creating a network input in Splunk?
Explanation:
https://docs.splunk.com/Documentation/Splunk/8.0.5/Admin/Inputsconf
[tcp://<remote server>:<port>]
* Configures the input to listen on a specific TCP network port.
* If a <remote server> makes a connection to this instance, the input uses this stanza to configure itself.
* If you do not specify <remote server>, this stanza matches all connections on the specified port.
* Generates events with source set to "tcp:<port>", for example: tcp:514
* If you do not specify a sourcetype, generates events with sourcetype set to "tcp-raw"
Consider the following stanza in inputs.conf:
What will the value of the source field be for events generated by this scripted input?
Explanation:
https://docs.splunk.com/Documentation/Splunk/8.2.2/Admin/Inputsconf
Scroll down to source = <string>
* Default: the input file path
Local user accounts created in Splunk store passwords in which file?
Explanation:
Per the provided reference URL https://docs.splunk.com/Documentation/Splunk/7.3.1/Admin/Userseedconf "To set the default username and password, place user-seed.conf in $SPLUNK_HOME/etc/system/local. You must restart Splunk to enable configurations. If the $SPLUNK_HOME/etc/passwd file is present, the settings in this file (user-seed.conf) are not used."
Running this search in a distributed environment:
On what Splunk component does the eval command get executed?
Which file will be matched for the following monitor stanza in inputs.conf?
Within props.conf, which stanzas are valid for data modification? (select all that apply)
Explanation:
https://docs.splunk.com/Documentation/Splunk/8.0.4/Admin/Propsconf#props.conf.spec
https://docs.splunk.com/Documentation/Splunk/8.1.1/Admin/Propsconf
"* Reuse of the same field-extracting regular expression across multiple sources, source types, or hosts." https://docs.splunk.com/Documentation/Splunk/8.0.4/Admin/Propsconf#props.conf.spec