which parent directory contains the configuration files in Splunk?
$SPLUNK_HOME/etc
where can scripts for scripted inputs reside on the host file
... [Show More] system?
$SPLUNK_HOME/bin/scripts
$SPLUNK_HOME/etc/system/bin
In which Splunk configuration is the SEDCMD used
props.conf
User Role inheritance allows what to be inherited?
Capabilities
Index Access
What are the correct order of steps in Duo Multifactor Authentication?
1. request login
2.Duo MFA
3.Authentication Granted
4. Connect to SAML server
5. Log in to Splunk
6. create user session
which Splunk component consolidates the individual results and prepares reports in a distributed environment?
Search Head
Within the props.conf, which stanzas are valid for data modification?
Sourcetype
Source
Host
to set up a network input in Splunk, what needs to be specified?
Network Protocol and port number
what enables compression for the universal forwarders in the outputs.conf?
[tcpout] defaultGroup=my_indexers compressed=true
in which phase of the index time process does the license metering occur?
indexing phase
The priority of layered Splunk configuration files depends on the fileOs:
Context
what are supported configuration methods to add inputs on a forwarder?
Edit inputs.conf
Forwarder Management
CLI
when running this command what is the default path in which deploymentserver.conf is created?
splunk set deploy-poll deployServer:port
SPLUNK_HOME/etc/system/local
what statements describe deployment management?
Requires an Enterprise license
Is responsible for sending apps to forwarders
Where should apps be located on the deployment server that clients pull from?
$SPLUNK_HOME/etc/deployment-apps
Which Splunk forwarder type allows parsing of data before forwarding to an indexer?
Heavy forwarder
In the case of a conflict between a whitelist and blacklist input setting, which one is used?
Blacklist
Which forwarder type can parse data prior to forwarding?
Heavy forwarder
what options are available when creating custom roles?
Allow or restrict indexes that can be searched
limit the number of concurrent search jobs
Restrict search terms
Which Splunk component distributes apps and certain other configuration updates to search head cluster members?
Deployer [Show Less]