SPLUNK SPLK 1003
Q: 1
What is the name of the object that stores events inside of an index?
Options
Q: 2
An admin updates the Role to Group mapping for external authentication. How does the change
affect users that are currently logged into Splunk?
Options
Q: 3
For single-line event sourcetypes, it is most efficient to set SHOULD_LINEMERGE to what value?
Options
Q: 4
Which of the following apply to how distributed search works? (select all that apply)
Options
Q: 5
Event processing occurs at which phase of the data pipeline?
Options
Q: 6
A non-clustered Splunk environment has three indexers (A, B, C) and two search heads (X, Y). During a
search executed on search head X, indexer A crashes. What is Splunk's response?
Options
Q: 7
Which forwarder type can parse data prior to forwarding?
Options
Q: 8
Which Splunk component distributes apps and certain other configuration updates to search head
cluster members?
Options
Q: 9
What is the correct curl to send multiple events through HTTP Event Collector?


Options
Q: 10
Immediately after installation, what will a Universal Forwarder do first?
Options