At which default interval does metrics.log generate a periodic report regarding license utilization?
A. 10 seconds
B. 30 seconds
C. 60 seconds
D. 300 seconds
Which of the following is a good practice for a search head cluster deployer?
A. The deployer only distributes configurations to search head cluster members when they "phone home".
B. The deployer must be used to distribute non-replicable configurations to search head cluster members.
C. The deployer must distribute configurations to search head cluster members to be valid configurations.
D. The deployer only distributes configurations to search head cluster members with splunk apply shcluster-bundle.
A new Splunk customer is using syslog to collect data from their network devices on port 514. What is the best practice for ingesting this data into Splunk?
A. Configure syslog to send the data to multiple Splunk indexers.
B. Use a Splunk indexer to collect a network input on port 514 directly.
C. Use a Splunk forwarder to collect the input on port 514 and forward the data.
D. Configure syslog to write logs and use a Splunk forwarder to collect the logs.
To reduce the captain's work load in a search head cluster, what setting will prevent scheduled searches from running on the captain?
A. adhoc_searchhead = true (on all members)
B. adhoc_searchhead = true (on the current captain)
C. captain_is_adhoc_searchhead = true (on all members)
D. captain_is_adhoc_searchhead = true (on the current captain)
A customer plans to ingest 600 GB of data per day into Splunk. They will have six concurrent users, and they also want high data availability and high search performance. The customer is concerned about cost and wants to spend the minimum amount on the hardware for Splunk.
How many indexers are recommended for this deployment?
A. Two indexers not in a cluster, assuming users run many long searches.
B. Three indexers not in a cluster, assuming a long data retention period.
C. Two indexers clustered, assuming high availability is the greatest priority.
D. Two indexers clustered, assuming a high volume of saved/scheduled searches.
Splunk Enterprise platform instrumentation refers to data that the Splunk Enterprise deployment logs in the _introspection index. Which of the following logs are included in this index? (Select all that apply.)
A. audit.log
B. metrics.log
C. disk_objects.log
D. resource_usage.log
Which of the following can a Splunk diag contain?
A. Search history, Splunk users and their roles, running processes, indexed data
B. Server specs, current open connections, internal Splunk log files, index listings
C. KV store listings, internal Splunk log files, search peer bundles listings, indexed data
D. Splunk platform configuration details, Splunk users and their roles, current open connections, index listings
Which of the following are true statements about Splunk indexer clustering?
A. All peer nodes must run exactly the same Splunk version.
B. The master node must run the same or a later Splunk version than search heads.
C. The peer nodes must run the same or a later Splunk version than the master node.
D. The search head must run the same or a later Splunk version than the peer nodes.
Which CLI command converts a Splunk instance to a license slave?
A. splunk add licenses
B. splunk list licenser-slaves
C. splunk edit licenser-localslave
D. splunk list licenser-localslave
Which of the following artifacts are included in a Splunk diag file? (Select all that apply.)
A. OS settings.
B. Internal logs.
C. Customer data.
D. Configuration files.
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Splunk exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your SPLK-2002 exam preparations and Splunk certification application, do not hesitate to visit our Vcedump.com to find your solutions here.