SPLK-2002 Online Practice Questions and Answers
Stakeholders have identified high availability for searchable data as their top priority. Which of the following best addresses this requirement?
A. Increasing the search factor in the cluster.
B. Increasing the replication factor in the cluster.
C. Increasing the number of search heads in the cluster.
D. Increasing the number of CPUs on the indexers in the cluster.
Search dashboards in the Monitoring Console indicate that the distributed deployment is approaching its capacity. Which of the following options will provide the most search performance improvement?
A. Replace the indexer storage to solid state drives (SSD).
B. Add more search heads and redistribute users based on the search type.
C. Look for slow searches and reschedule them to run during an off-peak time.
D. Add more search peers and make sure forwarders distribute data evenly across all indexers.
What does the deployer do in a Search Head Cluster (SHC)? (Select all that apply.)
A. Distributes apps to SHC members.
B. Bootstraps a clean Splunk install for a SHC.
C. Distributes non-search related and manual configuration file changes.
D. Distributes runtime knowledge object changes made by users across the SHC.
Which of the following commands is used to clear the KV store?
A. splunk clean kvstore
B. splunk clear kvstore
C. splunk delete kvstore
D. splunk reinitialize kvstore
Indexing is slow and real-time search results are delayed in a Splunk environment with two indexers and one search head. There is ample CPU and memory available on the indexers. Which of the following is most likely to improve indexing performance?
A. Increase the maximum number of hot buckets in indexes.conf
B. Increase the number of parallel ingestion pipelines in server.conf
C. Decrease the maximum size of the search pipelines in limits.conf
D. Decrease the maximum concurrent scheduled searches in limits.conf
Which of the following clarification steps should be taken if apps are not appearing on a deployment client? (Select all that apply.)
A. Check serverclass.conf of the deployment server.
B. Check deploymentclient.conf of the deployment client.
C. Check the content of SPLUNK_HOME/etc/apps of the deployment server.
D. Search for relevant events in splunkd.log of the deployment server.
What is the minimum reference server specification for a Splunk indexer?
A. 12 CPU cores, 12GB RAM, 800 IOPS
B. 16 CPU cores, 16GB RAM, 800 IOPS
C. 24 CPU cores, 16GB RAM, 1200 IOPS
D. 28 CPU cores, 32GB RAM, 1200 IOPS
At which default interval does metrics.log generate a periodic report regarding license utilization?
A. 10 seconds
B. 30 seconds
C. 60 seconds
D. 300 seconds
A new Splunk customer is using syslog to collect data from their network devices on port 514. What is the best practice for ingesting this data into Splunk?
A. Configure syslog to send the data to multiple Splunk indexers.
B. Use a Splunk indexer to collect a network input on port 514 directly.
C. Use a Splunk forwarder to collect the input on port 514 and forward the data.
D. Configure syslog to write logs and use a Splunk forwarder to collect the logs.
Before users can use a KV store, an admin must create a collection. Where is a collection is defined?
A. kvstore.conf
B. collection.conf
C. collections.conf
D. kvcollections.conf
Which search will show all deployment client messages from the client (UF)?
A. index=_audit component=DC* host=
B. index=_audit component=DC* host=
C. index=_internal component= DC* host=
D. index=_internal component=DS* host=
Configurations from the deployer are merged into which location on the search head cluster member?
A. SPLUNK_HOME/etc/system/local
B. SPLUNK_HOME/etc/apps/APP_HOME/local
C. SPLUNK_HOME/etc/apps/search/default
D. SPLUNK_HOME/etc/apps/APP_HOME/default
The KV store forms its own cluster within a SHC. What is the maximum number of SHC members KV store will form?
A. 25
B. 50
C. 100
D. Unlimited
When configuring a Splunk indexer cluster, what are the default values for replication and search factor?
A. replication_factor = 2 search_factor = 2
B. replication_factor = 2 search factor = 3
C. replication_factor = 3 search_factor = 2
D. replication_factor = 3 search factor = 3
Which of the following options can improve reliability of syslog delivery to Splunk? (Select all that apply.)
A. Use TCP syslog.
B. Configure UDP inputs on each Splunk indexer to receive data directly.
C. Use a network load balancer to direct syslog traffic to active backend syslog listeners.
D. Use one or more syslog servers to persist data with a Universal Forwarder to send the data to Splunk indexers.
Why select/choose certbus.com?
Millions of interested professionals can touch the destination of success in exams by certbus.com. products which would be available, affordable, updated and of really best quality to overcome the difficulties of any course outlines. Questions and Answers material is updated in highly outclass manner on regular basis and material is released periodically and is available in testing centers with whom we are maintaining our relationship to get latest material.
Copyright © 2004-2025 certbus.com, All Rights Reserved.