Before users can use a KV store, an admin must create a collection. Where is a collection is defined?

• A.kvstore.conf
• B.collection.conf
• C.collections.conf
• D.kvcollections.conf

Comment: *

Name: *

Email: *

Verification: *

Splunk Enterprise platform instrumentation refers to data that the Splunk Enterprise deployment logs in the
_introspection index. Which of the following logs are included in this index? (Select all that apply.)

• A.resource_usage.log
• B.metrics.log
• C.audit.log
• D.disk_objects.log

Comment: *

Name: *

Email: *

Verification: *

What does the deployer do in a Search Head Cluster (SHC)? (Select all that apply.)

• A.Bootstraps a clean Splunk install for a SHC.
• B.Distributes non-search related and manual configuration file changes.
• C.Distributes runtime knowledge object changes made by users across the SHC.
• D.Distributes apps to SHC members.

Comment: *

Name: *

Email: *

Verification: *

A Splunk user successfully extracted an ip address into a field called src_ip. Their colleague cannot see that field in their search results with events known to have src_ip. Which of the following may explain the problem? (Select all that apply.)

• A.The colleague did not explicitly use the field in the search and the search was set to Fast Mode.
• B.The events are tagged as communicate, but are missing the network tag.
• C.The field was extracted as a private knowledge object.
• D.The Typing Queue, which does regular expression replacements, is blocked.

Comment: *

Name: *

Email: *

Verification: *

Which of the following are true statements about Splunk indexer clustering?

• A.All peer nodes must run exactly the same Splunk version.
• B.The master node must run the same or a later Splunk version than search heads.
• C.The peer nodes must run the same or a later Splunk version than the master node.
• D.The search head must run the same or a later Splunk version than the peer nodes.

Comment: *

Name: *

Email: *

Verification: *