In a customer managed Splunk Enterprise environment, what is the endpoint URI used to collect data?
Correct Answer: C
The answer is C: services/data/collector. This is the endpoint URI used to collect data in a customer managed Splunk Enterprise environment. According to the Splunk documentation [1], "The HTTP Event Collector REST API endpoint is /services/data/collector. You can use this endpoint to send events to HTTP Event Collector on a Splunk Enterprise or Splunk Cloud Platform deployment." You can also use this endpoint to send events to a specific token or index [1]. For example, you can use the following curl command to send an event with the token 578254cc-05f5-46b5-957b-910d1400341a and the index main:

    curl -k https://localhost:8088/services/data/collector -H 'Authorization: Splunk 578254cc-05f5-46b5-957b-910d1400341a' -d '{"index":"main","event":"Hello, world!"}'
Question 167
Which Splunk component distributes apps and certain other configuration updates to search head cluster members?
Correct Answer: C
Question 168
Which of the following describes a Splunk deployment server?
Correct Answer: C
A Splunk deployment server is a system that distributes apps, configurations, and other assets to groups of Splunk Enterprise instances. You can use it to distribute updates to most types of Splunk Enterprise components: forwarders, non-clustered indexers, and search heads [2]. A Splunk deployment server is available on every full Splunk Enterprise instance. To use it, you must activate it by placing at least one app into %SPLUNK_HOME%\etc\deployment-apps on the host you want to act as deployment server [3]. A Splunk deployment server maintains the list of server classes and uses those server classes to determine what content to distribute to each client. A server class is a group of deployment clients that share one or more defined characteristics [1]. A Splunk deployment client is a Splunk instance remotely configured by a deployment server. Deployment clients can be universal forwarders, heavy forwarders, indexers, or search heads. Each deployment client belongs to one or more server classes [1]. A Splunk deployment app is a set of content (including configuration files) maintained on the deployment server and deployed as a unit to clients of a server class. A deployment app can be an existing Splunk Enterprise app or one developed solely to group some content for deployment purposes [1]. Therefore, option C is correct, and the other options are incorrect.
Question 169
Which of the following enables compression for universal forwarders in outputs.conf?
Correct Answer: B
Explanation: https://docs.splunk.com/Documentation/Splunk/latest/Admin/Outputsconf

    # Compression
    #
    # This example sends compressed events to the remote indexer.
    # NOTE: Compression can be enabled TCP or SSL outputs only.
    # The receiver input port should also have compression enabled.
    [tcpout]
    server = splunkServer.example.com:4433
    compressed = true
Question 170
Which configuration files are used to transform raw data ingested by Splunk? (Choose all that apply.)
Correct Answer: A,D
Explanation: https://docs.splunk.com/Documentation/Splunk/8.1.1/Knowledge/Configureadvancedextractionswithfieldtransfo
Use transformations with props.conf and transforms.conf to:
- Mask or delete raw data as it is being indexed
- Override sourcetype or host based upon event values
- Route events to specific indexes based on event content
- Prevent unwanted events from being indexed