Which file is used for role and mapping
- authorize.conf (Ans)
- authorizes.conf
- authentication.conf
- limits.conf
You can not search the data in frozen stage of bucket
- True (Ans)
- False
Attributes in indexes.conf to freeze data when it grows too old
- frozenTimePeriodInSecs (Ans)
- frozenTimePeriodInMinutes
- frozenTimePeriodInHour
- MaxDataSizeInMb
Which Splunk License does not exist
- search head (Ans)
- forwarder
- free
- Splunk Enterprise
You can not back up hot buckets
- Yes, you can not do
- No , you can back up hot buckets
- You can back up hot buckets as well, you need to take a snapshot of the files, using a tool like VSS.
- Its not possible to take backup of hot buckets (Ans)
Why you should create multiple indexes?
- To control user access.
- To accommodate varying retention policies.
- To speed searches in certain situations.
- All of the above. (Ans)
Which command is used only to delete index web data ?
- splunk clean eventdata -index web (Ans)
- splunk clean eventdata
- splunk remove -index web
- splunk disable -index web
What is the use of Add-on in splunk?
- To create dashboards
- To run only scripts
- To extract fields, parsing etc but do not provide dashboards (Ans)
- To replace App
In which index, events from the file system change monitor, auditing, and all user search history are stored.
- audit
- _audit (Ans)
- index
- _index
- main
Can you create new index starting with _ in splunk web-gui ?
- Yes
- No (Ans)
- You can create but it is not recommended by Splunk
Deployment server push configuration files to deployment client
- True
- False (Ans)
Deployment client uses which configuration files to connect deployment server ?
- serverclass.conf
- deploymentclient.conf (Ans)
- inputs.conf
- outputs.conf
universal forwarder can index the data
- True
- False (Ans)
Which component should not have web gui?
- Search Head
- Deployment Server
- Universal Forwarder (Ans)
- Heavy Forwarder
Search Head can not index the data.
- True
- False (Ans)
Which index includes Splunk Enterprise internal logs and metrics.
- _internal (Ans)
- audit
- main
- _audit
The deployment server does not automatically deploy apps when you edit through forwarder management.
- True
- False (Ans)
The deployment server does not automatically deploy apps in response to direct edits of serverclass.conf
- True (Ans)
- Flase
A dedicated deployment server can handle how many clients ?
- 50
- 100
- 400
- 500 – 1000 clients, even more than this and it depends of the periodicity, and the size of the bundles to deploy. (Ans)
Which is used in script stanza ?
- monitor
- script (Ans)
- fschange
which attribute can be used to run a script in every 5 minutes
- interval = 5
- interval = 300 (Ans)
- interval = 1800
- cron = 300
which can be used in stanza to destroy file after reading the file
- fschange
- monitor
- batch (Ans)
- destroy
To receive data from forwarder in indexer in inputs.conf file, which is used in stanza ?
- tcp
- splunktcp (Ans)
- udp
- forwardertcp
I’m a DevOps/SRE/DevSecOps/Cloud Expert passionate about sharing knowledge and experiences. I have worked at Cotocus. I share tech blog at DevOps School, travel stories at Holiday Landmark, stock market tips at Stocks Mantra, health and fitness guidance at My Medic Plus, product reviews at TrueReviewNow , and SEO strategies at Wizbrand.
Do you want to learn Quantum Computing?
Please find my social handles as below;
Rajesh Kumar Personal Website
Rajesh Kumar at YOUTUBE
Rajesh Kumar at INSTAGRAM
Rajesh Kumar at X
Rajesh Kumar at FACEBOOK
Rajesh Kumar at LINKEDIN
Rajesh Kumar at WIZBRAND
Find Trusted Cardiac Hospitals
Compare heart hospitals by city and services — all in one place.
Explore Hospitals
