Splunk® SPLK-1003 Exam Practice Questions (P. 3)
- Full Access (191 questions)
- Six months of Premium Access
- Access to one million comments
- Seamless ChatGPT Integration
- Ability to download PDF files
- Anki Flashcard files for revision
- No Captcha & No AdSense
- Advanced Exam Configuration
Question #11
This file has been manually created on a universal forwarder:
/opt/splunkforwarder/etc/apps/my_TA/local/inputs.conf
[monitor:///var/log/messages]
sourcetype=syslog
index=syslog
A new Splunk admin comes in and connects the universal forwarders to a deployment server and deploys the same app with a new inputs.conf file:
/opt/splunk/etc/deployment-apps/my_TA/local/inputs.conf
[monitor:///var/log/maillog]
sourcetype=maillog
index=syslog
Which file is now monitored?
/opt/splunkforwarder/etc/apps/my_TA/local/inputs.conf
[monitor:///var/log/messages]
sourcetype=syslog
index=syslog
A new Splunk admin comes in and connects the universal forwarders to a deployment server and deploys the same app with a new inputs.conf file:
/opt/splunk/etc/deployment-apps/my_TA/local/inputs.conf
[monitor:///var/log/maillog]
sourcetype=maillog
index=syslog
Which file is now monitored?
- A/var/log/messages
- B/var/log/maillogMost Voted
- C/var/log/maillog and /var/log/messages
- Dnone of the above
Correct Answer:
A
Reference:
https://docs.splunk.com/Documentation/Splunk/7.3.1/Updating/Exampleaddaninputtoforwarders
A
Reference:
https://docs.splunk.com/Documentation/Splunk/7.3.1/Updating/Exampleaddaninputtoforwarders
send
light_mode
delete
Question #12
In which phase of the index time process does the license metering occur?
- AInput phase
- BParsing phase
- CIndexing phaseMost Voted
- DLicensing phase
Correct Answer:
C
Reference:
https://docs.splunk.com/Documentation/Splunk/7.3.1/Admin/HowSplunklicensingworks
C
Reference:
https://docs.splunk.com/Documentation/Splunk/7.3.1/Admin/HowSplunklicensingworks
send
light_mode
delete
Question #13
You update a props.conf file while Splunk is running. You do not restart Splunk and you run this command: splunk btool props list `"-debug. What will the output be?
- AA list of all the configurations on-disk that Splunk contains.
- BA verbose list of all configurations as they were when splunkd started.
- CA list of props.conf configurations as they are on-disk along with a file path from which the configuration is located.Most Voted
- DA list of the current running props.conf configurations along with a file path from which the configuration was made.
Correct Answer:
D
Reference:
https://answers.splunk.com/answers/494219/need-help-with-what-should-be-a-simple-precedence.html
D
Reference:
https://answers.splunk.com/answers/494219/need-help-with-what-should-be-a-simple-precedence.html
send
light_mode
delete
Question #14
When running the command shown below, what is the default path in which deploymentserver.conf is created? splunk set deploy-poll deployServer:port
- ASPLUNK_HOME/etc/deployment
- BSPLUNK_HOME/etc/system/localMost Voted
- CSPLUNK_HOME/etc/system/default
- DSPLUNK_HOME/etc/apps/deployment
Correct Answer:
B
Reference:
https://docs.splunk.com/Documentation/Splunk/7.3.1/Updating/Configuredeploymentclients
B
Reference:
https://docs.splunk.com/Documentation/Splunk/7.3.1/Updating/Configuredeploymentclients
send
light_mode
delete
Question #15
The priority of layered Splunk configuration files depends on the file's:
- AOwner
- BWeight
- CContextMost Voted
- DCreation time
Correct Answer:
C
Reference:
https://docs.splunk.com/Documentation/Splunk/7.3.0/Admin/Wheretofindtheconfigurationfiles
C
Reference:
https://docs.splunk.com/Documentation/Splunk/7.3.0/Admin/Wheretofindtheconfigurationfiles
send
light_mode
delete
All Pages