{"id":8829,"date":"2020-01-16T09:43:40","date_gmt":"2020-01-16T09:43:40","guid":{"rendered":"https:\/\/www.devopsschool.com\/blog\/?p=8829"},"modified":"2021-11-13T10:57:57","modified_gmt":"2021-11-13T10:57:57","slug":"splunk-interview-questions-and-answer-part-2","status":"publish","type":"post","link":"https:\/\/www.devopsschool.com\/blog\/splunk-interview-questions-and-answer-part-2\/","title":{"rendered":"Splunk Interview Questions and Answer Part \u2013 2"},"content":{"rendered":"\n<p><strong>Which port is the default forwarding port?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>8683<\/li><li>8089<\/li><li><strong>9997 (Ans)<\/strong><\/li><li>8079<\/li><li>9907<\/li><li>9090<\/li><li>80<\/li><li>8080<\/li><\/ul>\n\n\n\n<p><strong>Universal forwarders do not parse data.<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>False<\/li><li><strong>True (Ans)<\/strong><\/li><\/ul>\n\n\n\n<p><strong>Which port is the default management\/deployment port?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>9997<\/li><li><strong>8089 (Ans)<\/strong><\/li><li>4447<\/li><li>4096<\/li><li>8008<\/li><li>8080<\/li><li>80<\/li><\/ul>\n\n\n\n<p><strong>Which type of forwarder requires a specific type of license?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Universal<\/li><li>Light<\/li><li><strong>Heavy (Ans)<\/strong><\/li><li>Advanced<\/li><\/ul>\n\n\n\n<p><strong>On which platform(s) can you use WGET to install a universal forwarder?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Linux<\/li><li>Unix<\/li><li>Windows<\/li><li>Solaris<\/li><li>AIX<\/li><li><strong>All of these (Ans)<\/strong><\/li><li>None of these<\/li><li>Linux, AIX, and Solaris only<\/li><li>Windows only<\/li><\/ul>\n\n\n\n<p><strong>Other than the installation wizard on Windows, how can you configure a universal forwarder?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Uninstall and reinstall the universal forwarder to reconfigure it.<\/li><li>On Windows, that is the 
only way. On Linux\/Unix, you can edit the configuration files.<\/li><li><strong>By editing the configuration files. (Ans)<\/strong><\/li><li>None of these.<\/li><\/ul>\n\n\n\n<p><strong>Universal forwarders should also be installed on all indexers.<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>False (Ans)<\/strong><\/li><li>True<\/li><\/ul>\n\n\n\n<p><strong>Some syslog devices do not require Splunk forwarders. Syslog data is generally received on port<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>443<\/li><li>80<\/li><li>9999<\/li><li>8080<\/li><li><strong>514  (Ans)<\/strong><\/li><\/ul>\n\n\n\n<p><strong>Which of the following is not a Splunk default metadata assignment?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>source<\/li><li>sourcetype<\/li><li>index<\/li><li>host<\/li><li><strong>network (Ans)<\/strong><\/li><\/ul>\n\n\n\n<p><strong>Splunk can locally monitor both individual files and entire directories.<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>True (Ans)<\/strong><\/li><li>False<\/li><\/ul>\n\n\n\n<p><strong>Which of the following needs to be placed in quotes?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Keywords<\/li><li><strong>Phrases (Ans)<\/strong><\/li><li>Commands<\/li><li>Transformations<\/li><\/ul>\n\n\n\n<p><strong>Which search mode does not discover fields?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Fast (Ans)<\/strong><\/li><li>Verbose<\/li><li>Smart<\/li><li>No_Fields<\/li><\/ul>\n\n\n\n<p><strong>The time 11:33 PM can be expressed in the following Splunk variables:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>%H-%S-%p<\/li><li>%B:%H %i<\/li><li><strong>%I:%S :p (Ans)<\/strong><\/li><li>%H:%S %p<\/li><\/ul>\n\n\n\n<p><strong>The date Monday, February 23, 1985 can be expressed in the following Splunk variables:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>%M, %m %d, %Y<\/li><li>%b, %m %m, %Y<\/li><li><strong>%A, %B %e, %Y 
(Ans)<\/strong><\/li><li>%Y, %e %b, %y<\/li><\/ul>\n\n\n\n<p><strong>Which of the following is not an option for extracting fields?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>ddex (Ans)<\/strong><\/li><li>regex<\/li><li>delimiters<\/li><\/ul>\n\n\n\n<p><strong>Indices are &#8220;buckets&#8221; where Splunk data is stored on disk.<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>False<\/li><li><strong>True (Ans)<\/strong><\/li><\/ul>\n\n\n\n<p><strong>Splunk detects fields as _<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>regular expressions.<\/li><li>preconfigured metadata.<\/li><li><strong>key=value pairs. (Ans)<\/strong><\/li><li>events.<\/li><\/ul>\n\n\n\n<p><strong>The basic search pipeline goes<\/strong> <\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>middle-in<\/li><li>middle-out<\/li><li>from specific to general.<\/li><li><strong>from general to specific (Ans)<\/strong><\/li><\/ul>\n\n\n\n<p><strong>The Search app comes built into Splunk Enterprise.<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>True (Ans)<\/strong><\/li><li>False<\/li><\/ul>\n\n\n\n<p><strong>SPL stands for<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Search Processing Language (Ans)<\/strong><\/li><li>Splunk Processing Language<\/li><li>Super Processing Language<\/li><li>Search Positioning Language<\/li><\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Which port is the default forwarding port? 8683 8089 9997 (Ans) 8079 9907 9090 80 8080 Universal forwarders do not parse data. False True (Ans) Which port is the default&#8230; <\/p>\n","protected":false},"author":1,"featured_media":9531,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_joinchat":[],"footnotes":""},"categories":[5207],"tags":[991,5685],"class_list":["post-8829","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-splunk","tag-splunk","tag-wget"],"_links":{"self":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/8829","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/comments?post=8829"}],"version-history":[{"count":2,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/8829\/revisions"}],"predecessor-version":[{"id":25108,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/8829\/revisions\/25108"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/media\/9531"}],"wp:attachment":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/media?parent=8829"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.devopsschool.com\/blo
g\/wp-json\/wp\/v2\/categories?post=8829"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/tags?post=8829"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}