Splunk Enterprise Data Administration Quiz Questions and Answers

What hardware attribute would need to be changed to increase the number of simultaneous searches (ad-hoc and scheduled) on a single search head?

Answer :
  • CPUs

True/False: $SPLUNK_HOME/etc/users/authentication.conf

Answer :
  • FALSE

How do you remove missing forwarders from the Monitoring Console?

Answer :
  • By rebuilding the forwarder asset table

Which of the following are methods for adding inputs in Splunk? (Select all that apply)

Answer :
  • Editing inputs.conf
  • Splunk Web
  • CLI

Which setting in indexes.conf allows data retention to be controlled by time?

Answer :
  • frozenTimePeriodInSecs

In case of a conflict between a whitelist and a blacklist input setting, which one is used?

Answer :
  • Blacklist

In which Splunk configuration is the SEDCMD used?

Answer :
  • props.conf

Which parent directory contains the configuration files in Splunk?

Answer :
  • $SPLUNK_HOME/etc

What is required when adding a native user to Splunk?

Answer :
  • Full Name
  • Default app

Which Splunk component requires a Forwarder license?

Answer :
  • Heavy forwarder