Which parent directory contains the configuration files in Splunk?

• A.SSFLUNK_HOME/etc
• B.SSPLUNK_HOME/var
• C.SSPLUNK_HOME/conf
• D.SSPLUNK_HOME/default

Comment: *

Name: *

Email: *

Verification: *

What type of data is counted against the Enterprise license at a fixed 150 bytes per event?

• A.Internal Windows logs
• B.Metricsdata
• C.License data
• D.Internal Splunk data

Comment: *

Name: *

Email: *

Verification: *

A log file contains 193 days worth of timestamped events. Which monitor stanza would be used to collect data 45 days old and newer from that log file?

• A.ignoreOlderThan = 45d
• B.includeNewerThan = -35d
• C.followTail = -45d
• D.ignore = 45d

Comment: *

Name: *

Email: *

Verification: *

Which additional component is required for a search head cluster?

• A.Monitoring Console
• B.Deployer
• C.Management Console
• D.Cluster Master

Comment: *

Name: *

Email: *

Verification: *

You update a props. conf file while Splunk is running. You do not restart Splunk and you run this command:
splunk btoo1 props list -debug. What will the output be?

• A.A list of props. conf configurations as they are on-disk along with a file path from which the configuration is located
• B.list of all the configurations on-disk that Splunk contains.
• C.A verbose list of all configurations as they were when splunkd started.
• D.A list of the current running props, conf configurations along with a file path from which the configuration was made

Comment: *

Name: *

Email: *

Verification: *