Which file is used for role and mapping

• authorize.conf (Ans)
• authorizes.conf
• authentication.conf
• limits.conf

You can not search the data in frozen stage of bucket

• True (Ans)
• False

Attributes in indexes.conf to freeze data when it grows too old

• frozenTimePeriodInSecs (Ans)
• frozenTimePeriodInMinutes
• frozenTimePeriodInHour
• MaxDataSizeInMb

Which Splunk License does not exist

• search head (Ans)
• forwarder
• free
• Splunk Enterprise

You can not back up hot buckets

• Yes, you can not do
• No , you can back up hot buckets
• You can back up hot buckets as well, you need to take a snapshot of the files, using a tool like VSS.
• Its not possible to take backup of hot buckets (Ans)

Why you should create multiple indexes?

• To control user access.
• To accommodate varying retention policies.
• To speed searches in certain situations.
• All of the above. (Ans)

Which command is used only to delete index web data ?

• splunk clean eventdata -index web (Ans)
• splunk clean eventdata
• splunk remove -index web
• splunk disable -index web

What is the use of Add-on in splunk?

• To create dashboards
• To run only scripts
• To extract fields, parsing etc but do not provide dashboards (Ans)
• To replace App

In which index, events from the file system change monitor, auditing, and all user search history are stored.

• audit
• _audit (Ans)
• index
• _index
• main

Can you create new index starting with _ in splunk web-gui ?

• Yes
• No (Ans)
• You can create but it is not recommended by Splunk

Deployment server push configuration files to deployment client

• True
• False (Ans)

Deployment client uses which configuration files to connect deployment server ?

• serverclass.conf
• deploymentclient.conf (Ans)
• inputs.conf
• outputs.conf

universal forwarder can index the data

• True
• False (Ans)

Which component should not have web gui?

• Search Head
• Deployment Server
• Universal Forwarder (Ans)
• Heavy Forwarder

Search Head can not index the data.

• True
• False (Ans)

Which index includes Splunk Enterprise internal logs and metrics.

• _internal (Ans)
• audit
• main
• _audit

The deployment server does not automatically deploy apps when you edit through forwarder management.

• True
• False (Ans)

The deployment server does not automatically deploy apps in response to direct edits of serverclass.conf

• True (Ans)
• Flase

A dedicated deployment server can handle how many clients ?

• 50
• 100
• 400
• 500 – 1000 clients, even more than this and it depends of the periodicity, and the size of the bundles to deploy. (Ans)

Which is used in script stanza ?

• monitor
• script (Ans)
• fschange

which attribute can be used to run a script in every 5 minutes

• interval = 5
• interval = 300 (Ans)
• interval = 1800
• cron = 300

which can be used in stanza to destroy file after reading the file

• fschange
• monitor
• batch (Ans)
• destroy

To receive data from forwarder in indexer in inputs.conf file, which is used in stanza ?

• tcp
• splunktcp (Ans)
• udp
• forwardertcp

«

Prev

1

/

1

Next

»

Splunk Advance Tutorial for Beginners with Demo 2020 — By DevOpsSchool

Splunk Advance Tutorial for Beginners with Demo (2020) — By DevOpsSchool

Splunk Advance Tutorial for Beginners with Demo [2020] — By DevOpsSchool

SPLUNK Essential Tutorial By Shahrukh in 2020

«

Prev

1

/

1

Next

»

Rajesh Kumar

I’m a DevOps/SRE/DevSecOps/Cloud Expert passionate about sharing knowledge and experiences. I am working at Cotocus. I blog tech insights at DevOps School, travel stories at Holiday Landmark, stock market tips at Stocks Mantra, health and fitness guidance at My Medic Plus, product reviews at I reviewed , and SEO strategies at Wizbrand. 

Please find my social handles as below;

Rajesh Kumar Personal Website
Rajesh Kumar at YOUTUBE
Rajesh Kumar at INSTAGRAM
Rajesh Kumar at X
Rajesh Kumar at FACEBOOK
Rajesh Kumar at LINKEDIN
Rajesh Kumar at PINTEREST
Rajesh Kumar at QUORA
Rajesh Kumar at WIZBRAND