Splunk SPLK-2002 Practice Test - Questions Answers, Page 12

A Splunk deployment is being architected and the customer will be using Splunk Enterprise Security (ES) and Splunk IT Service Intelligence (ITSI). Through data onboarding and sizing, it is determined that over 200 discrete KPIs will be tracked by ITSI and 1TB of data per day by ES. What topology ensures a scalable and performant deployment?

How can internal logging levels in a Splunk environment be changed to troubleshoot an issue? (select all that apply)

Other than high availability, which of the following is a benefit of search head clustering?

By default, what happens to configurations in the local folder of each Splunk app when it is deployed to a search head cluster?

A Splunk environment collecting 10 TB of data per day has 50 indexers and 5 search heads. A single-site indexer cluster will be implemented. Which of the following is a best practice for added data resiliency?

Which Splunk log file would be the least helpful in troubleshooting a crash?

Which of the following use cases would be made possible by multi-site clustering? (select all that apply)

Which of the following would be the least helpful in troubleshooting contents of Splunk configuration files?

What is the expected minimum amount of storage required for data across an indexer cluster with the following input and parameters?

* Raw data = 15 GB per day

* Index files = 35 GB per day

* Replication Factor (RF) = 2

* Search Factor (SF) = 2