Which of the following is a way to exclude search artifacts when creating a diag?
A. SPLUNK_HOME/bin/splunk diag --exclude
B. SPLUNK_HOME/bin/splunk diag --debug --refresh
C. SPLUNK_HOME/bin/splunk diag --disable=dispatch
D. SPLUNK_HOME/bin/splunk diag --filter-searchstrings
Which of the following statements describe licensing in a clustered Splunk deployment? (Select all that apply.)
A. Free licenses do not support clustering.
B. Replicated data does not count against licensing.
C. Each cluster member requires its own clustering license.
D. Cluster members must share the same license pool and license master.
When planning a search head cluster, which of the following is true?
A. All search heads must use the same operating system.
B. All search heads must be members of the cluster (no standalone search heads).
C. The search head captain must be assigned to the largest search head in the cluster.
D. All indexers must belong to the underlying indexer cluster (no standalone indexers).
In which phase of the Splunk Enterprise data pipeline are indexed extraction configurations processed?
A. Input
B. Search
C. Parsing
D. Indexing
Which server.conf attribute should be added to the master node's server.conf file when decommissioning a site in an indexer cluster?
A. site_mappings
B. available_sites
C. site_search_factor
D. site_replication_factor
Which of the following describe migration from single-site to multisite index replication?
A. A master node is required at each site.
B. Multisite policies apply to new data only.
C. Single-site buckets instantly receive the multisite policies.
D. Multisite total values should not exceed any single-site factors.
In search head clustering, which of the following methods can you use to transfer captaincy to a different member? (Select all that apply.)
A. Use the Monitoring Console.
B. Use the Search Head Clustering settings menu from Splunk Web on any member.
C. Run the splunk transfer shcluster-captain command from the current captain.
D. Run the splunk transfer shcluster-captain command from the member you would like to become the captain.
Which command is used for thawing the archive bucket?
A. Splunk collect
B. Splunk convert
C. Splunk rebuild
D. Splunk dbinspect
A Splunk instance has the following settings in SPLUNK_HOME/etc/system/local/server.conf:
[clustering] mode = master replication_factor = 2 pass4SymmKey = password123
Which of the following statements describe this Splunk instance? (Select all that apply.)
A. This is a multi-site cluster.
B. This cluster's search factor is 2.
C. This Splunk instance needs to be restarted.
D. This instance is missing the master_uri attribute.
How does IT Service Intelligence (ITSI) impact the planning of a Splunk deployment?
A. ITSI requires a dedicated deployment server.
B. The amount of users using ITSI will not impact performance.
C. ITSI in a Splunk deployment does not require additional hardware resources.
D. Depending on the Key Performance Indicators that are being tracked, additional infrastructure may be needed.
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Splunk exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your SPLK-2002 exam preparations and Splunk certification application, do not hesitate to visit our Vcedump.com to find your solutions here.