SPLK-1003 VCE Exam Download

Splunk Enterprise Certified Admin Questions and Answers

Question 21

When configuring HTTP Event Collector (HEC) input, how would one ensure the events have been indexed?

Options:

Enable indexer acknowledgment.

Enable forwarder acknowledgment.

splunk check-integrity -index

index=_internal component=ACK | stats count by host

Question 22

An admin is running the latest version of Splunk with a 500 GB license. The current daily volume of new data

is 300 GB per day. To minimize license issues, what is the best way to add 10 TB of historical data to the

index?

Options:

Buy a bigger Splunk license.

Add 2.5 TB each day for the next 5 days.

Add all 10 TB in a single 24 hour period.

Add 200 GB of historical data each day for 50 days.

Question 23

UsingSEDCMDinprops.confallows raw data to be modified. With the given event below, which option will mask the first three digits of theAcctIDfield resulting output:[22/Oct/2018:15:50:21] VendorID=1234 Code=B AcctID=xxx5309

Event:

[22/Oct/2018:15:50:21] VendorID=1234 Code=B AcctID=xxx5309

Options:

SEDCMD-1acct = s/VendorID=\d{3}(\d{4})/VendorID=xxx/g

SEDCMD-xxxAcct = s/AcctID=\d{3}(\d{4})/AcctID=xxx/g

SEDCMD-1acct = s/AcctID=\d{3}(\d{4})/AcctID=\1xxx/g

SEDCMD-1acct = s/AcctID=\d{3}(\d{4})/AcctID=xxx\1/g

Question 24

What will the following inputs. conf stanza do?

[script://myscript . sh]

Interval=0

Options:

The script will run at the default interval of 60 seconds.

The script will not be run.

The script will be run only once for each time Splunk is restarted.

The script will be run. As soon as the script exits, Splunk restarts it.

Summer Special - Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: top65certs

Splunk Enterprise Certified Admin Questions and Answers

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

CompTIA

Fortinet

Microsoft

Salesforce