Online Access Free SPLK-1003 Exam Questions

There is a file with a vast amount of old data. Which of the following inputs. conf attributes would allow an admin to monitor the file for updates without indexing the pre-existing data?

• A.ignoreOlderThan
• B.allowList
• C.llowTail
• D.monitor

When configuring Distributed Search, which of the following stanzas will add search peers?
[distributedSearch]

• A.[distributedSearch]
• B.servers = 192.168.1.1, 192.168.1.2
  [distributedSearch]
• C.servers = 192.168.1.1:8089, 192.168.1.2:8089
• D.servers = ://192.168.1.1, ://192.168.1.2
  [distributedSearch]

There is an application cluster that produces logs with ISO-8859-5 character encoding.
Where should the props.confsetting be deployed to make these logs usable in Splunk?

• A.On the Search Head
• B.On the Management Console
• C.On the Indexers
• D.On the Universal Forwarders

Which setting allows the configuration of Splunk to allow events to span over more than one line?

• A.SHOULD_LINEMERGE = false
• B.SHOULD_LINEMERGE = true
• C.BREAK_ONLY_BEFORE = <REGEX pattern>
• D.BREAK_ONLY_BEFORE_DATE = true

Which of the following indexes come pre-configured with Splunk Enterprise? (select all that apply)

• A._thefishbucket
• B._lnternal
• C._external
• D._license