In this source definition the MAX_TIMESTAMP_LOOKHEAD is missing. Which value would fit best?

Event example:

• A.MAX_TIMESTAMP_L0CKAHEAD = 5
• B.MAX TIMESTAMP LOOKAHEAD - 30
• C.MAX_TIMESTAMP_LOOKAHEAD - 10
• D.MAX_TIMESTAMF_LOOKHEAD = 20

Comment: *

Name: *

Email: *

Verification: *

How would you configure your distsearch conf to allow you to run the search below? sourcetype=access_combined status=200 action=purchase splunk_setver_group=HOUSTON A)

B)

C)

D)

• A.option A
• B.Option B
• C.Option C
• D.Option D

Comment: *

Name: *

Email: *

Verification: *

In which Splunk configuration is the SEDCMDused?

• A.props.conf
• B.inputs.conf
• C.indexes.conf
• D.transforms.conf

Comment: *

Name: *

Email: *

Verification: *

What are the values for host and index for [stanza1] used by Splunk during index time, given the following configuration files?

• A.host=server1
  index=unixinfo
• B.host=server1
  index=searchinfo
• C.host=unixsvr1
  index=unixinfo
• D.host=searchsvr1
  index=searchinfo

Comment: *

Name: *

Email: *

Verification: *

Which Splunk component performs indexing and responds to search requests from the search head?

• A.Forwarder
• B.Search head cluster
• C.License master
• D.Search peer

Comment: *

Name: *

Email: *

Verification: *