A Splunk user successfully extracted an ip address into a field called src_ip. Their colleague cannot see that field in their search results with events known to have src_ip. Which of the following may explain the problem? (Select all that apply.)
In the deployment planning process, when should a person identify who gets to see network data?
What does the deployer do in a Search Head Cluster (SHC)? (Select all that apply.)
Of the following types of files within an index bucket, which file type may consume the most disk?
A customer plans to ingest 600 GB of data per day into Splunk. They will have six concurrent users, and they also want high data availability and high search performance. The customer is concerned about cost and wants to spend the minimum amount on the hardware for Splunk. How many indexers are recommended for this deployment?
