SPLK-2002 Online Practice Questions and Answers

When adding or rejoining a member to a search head cluster, the following error is displayed: Error pulling configurations from the search head cluster captain; consider performing a destructive configuration resync on this search head cluster member.

What corrective action should be taken?

A. Restart the search head.

B. Run the splunk apply shcluster-bundle command from the deployer.

C. Run the clean raft command on all members of the search head cluster.

D. Run the splunk resync shcluster-replicated-config command on this member.

Which of the following clarification steps should be taken if apps are not appearing on a deployment client? (Select all that apply.)

A. Check serverclass.conf of the deployment server.

B. Check deploymentclient.conf of the deployment client.

C. Check the content of SPLUNK_HOME/etc/apps of the deployment server.

D. Search for relevant events in splunkd.log of the deployment server.

Which CLI command converts a Splunk instance to a license slave?

A. splunk add licenses

B. splunk list licenser-slaves

C. splunk edit licenser-localslave

D. splunk list licenser-localslave

How does IT Service Intelligence (ITSI) impact the planning of a Splunk deployment?

A. ITSI requires a dedicated deployment server.

B. The amount of users using ITSI will not impact performance.

C. ITSI in a Splunk deployment does not require additional hardware resources.

D. Depending on the Key Performance Indicators that are being tracked, additional infrastructure may be needed.

The KV store forms its own cluster within a SHC. What is the maximum number of SHC members KV store will form?

A. 25

B. 50

C. 100

D. Unlimited

Which of the following is a way to exclude search artifacts when creating a diag?

A. SPLUNK_HOME/bin/splunk diag --exclude

B. SPLUNK_HOME/bin/splunk diag --debug --refresh

C. SPLUNK_HOME/bin/splunk diag --disable=dispatch

D. SPLUNK_HOME/bin/splunk diag --filter-searchstrings

Of the following types of files within an index bucket, which file type may consume the most disk?

A. Rawdata

B. Bloom filter

C. Metadata (.data)

D. Inverted index (.tsidx)

Which of the following statements about integrating with third-party systems is true? (Select all that apply.)

A. A Hadoop application can search data in Splunk.

B. Splunk can search data in the Hadoop File System (HDFS).

C. You can use Splunk alerts to provision actions on a third-party system.

D. You can forward data from Splunk forwarder to a third-party system without indexing it first.

Consider a use case involving firewall data. There is no Splunk-supported Technical Add-On, but the vendor has built one. What are the items that must be evaluated before installing the add-on? (Select all that apply.)

A. Identify number of scheduled or real-time searches.

B. Validate if this Technical Add-On enables event data for a data model.

C. Identify the maximum number of forwarders Technical Add-On can support.

D. Verify if Technical Add-On needs to be installed onto both a search head or indexer.

What is a Splunk Job? (Select all that apply.)

A. A user-defined Splunk capability.

B. Searches that are subjected to some usage quota.

C. A search process kicked off via a report or an alert.

D. A child OS process manifested from the splunkd process.