What is the command to reset the fishbucket for one source?
Consider a company with a Splunk distributed environment in production. The Compliance Department wants to start using Splunk; however, they want to ensure that no one can see their reports or any other knowledge objects. Which Splunk Component can be added to implement this policy for the new team?
Which of the following is valid distribute search group?
A)
B)
C)
D)
A Universal Forwarder is collecting two separate sources of data (A,B). Source A is being routed through a Heavy Forwarder and then to an indexer. Source B is being routed directly to the indexer. Both sets of data require the masking of raw text strings before being written to disk. What does the administrator need to do to
ensure that the masking takes place successfully?
An admin is running the latest version of Splunk with a 500 GB license. The current daily volume of new data
is 300 GB per day. To minimize license issues, what is the best way to add 10 TB of historical data to the
index?
Which Splunk component does a search head primarily communicate with?
Which of the following is a benefit of distributed search?
How would you configure your distsearch conf to allow you to run the search below? sourcetype=access_combined status=200 action=purchase splunk_setver_group=HOUSTON
A)
B)
C)
D)
Which of the following monitor inputs stanza headers would match all of the following files?
/var/log/www1/secure.log
/var/log/www/secure.l
/var/log/www/logs/secure.logs
/var/log/www2/secure.log
Which of the following enables compression for universal forwarders in outputs. conf ?
A)
B)
C)
D)
