Splunk Interview Questions and Answers Part – 2

Which port is the default forwarding port?

  • 8683
  • 8089
  • 9997 (Ans)
  • 8079
  • 9907
  • 9090
  • 80
  • 8080

Universal forwarders do not parse data.

  • False
  • True (Ans)

Which port is the default management/deployment port?

  • 9997
  • 8089 (Ans)
  • 4447
  • 4096
  • 8008
  • 8080
  • 80

Which type of forwarder requires a specific type of license?

  • Universal
  • Light
  • Heavy (Ans)
  • Advanced

On which platform(s) can you use WGET to install a universal forwarder?

  • Linux
  • Unix
  • Windows
  • Solaris
  • AIX
  • All of these (Ans)
  • None of these
  • Linux, AIX, and Solaris only
  • Windows only

Other than the installation wizard on Windows, how can you configure a universal forwarder?

  • Uninstall and reinstall the universal forwarder to reconfigure it.
  • On Windows, that is the only way. On Linux/Unix, you can edit the configuration files.
  • By editing the configuration files. (Ans)
  • None of these.

Universal forwarders should also be installed on all indexers.

  • False (Ans)
  • True

Some syslog devices do not require Splunk forwarders. Syslog data is generally received on port

  • 443
  • 80
  • 9999
  • 8080
  • 514 (Ans)

Which of the following is not a Splunk default metadata assignment?

  • source
  • sourcetype
  • index
  • host
  • network (Ans)

Splunk can locally monitor both individual files and entire directories.

  • True (Ans)
  • False

Which of the following needs to be placed in quotes?

  • Keywords
  • Phrases (Ans)
  • Commands
  • Transformations

Which search mode does not discover fields?

  • Fast (Ans)
  • Verbose
  • Smart
  • No_Fields

The time 11:33 PM can be expressed in the following Splunk variables:

  • %H-%S-%p
  • %B:%H %i
  • %I:%S :p (Ans)
  • %H:%S %p

The date Monday, February 23, 1985 can be expressed in the following Splunk variables:

  • %M, %m %d, %Y
  • %b, %m %m, %Y
  • %A, %B %e, %Y (Ans)
  • %Y, %e %b, %y

Which of the following is not an option for extracting fields?

  • ddex (Ans)
  • regex
  • delimiters

Indices are “buckets” where Splunk data is stored on disk.

  • False
  • True (Ans)

Splunk detects fields as _

  • regular expressions.
  • preconfigured metadata.
  • key=value pairs. (Ans)
  • events.

The basic search pipeline goes

  • middle-in
  • middle-out
  • from specific to general.
  • from general to specific (Ans)

The Search app comes built into Splunk Enterprise.

  • True (Ans)
  • False

SPL stands for

  • Search Processing Language (Ans)
  • Splunk Processing Language
  • Super Processing Language
  • Search Positioning Language