SPLK-1003 Free Practice Test

Which of the following is a valid distributed search group?

1. A. [distributedSearch:Paris] default = false servers = server1, server2
2. B. [searchGroup:Paris] default = false servers = server1:8089, server2:8089
3. C. [searchGroup:Paris] default = false servers = server1:9997, server2:9997
4. D. [distributedSearch:Paris] default = false servers = server1:8089; server2:8089

Correct Answer: D
Reference: https://docs.splunk.com/Documentation/Splunk/7.3.1/DistSearch/Distributedsearchgroups

What are the required stanza attributes when configuring the transforms.conf to manipulate or remove events?

1. A. REGEX, DEST, FORMAT
2. B. REGEX, SRC_KEY, FORMAT
3. C. REGEX, DEST_KEY, FORMAT
4. D. REGEX, DEST_KEY, FORMATTING

Correct Answer: C
Reference: https://docs.splunk.com/Documentation/Splunk/7.3.1/Admin/Transformsconf

The universal forwarder has which capabilities when sending data? (Select all that apply.)

1. A. Sending alerts
2. B. Compressing data
3. C. Obfuscating/hiding data
4. D. Indexer acknowledgement

Correct Answer: D
Reference: https://docs.splunk.com/Documentation/Splunk/7.3.1/Forwarding/Typesofforwarders

Which optional configuration setting in inputs.conf allows you to selectively forward the data to specific indexer(s)?

1. A. _TCP_ROUTING
2. B. _INDEXER_LIST
3. C. _INDEXER_GROUP
4. D. _INDEXER_ROUTING

Correct Answer: A
Reference: https://docs.splunk.com/Documentation/Splunk/7.3.1/Data/Monitorfilesanddirectorieswithinputs.conf

Which Splunk forwarder type allows parsing of data before forwarding to an indexer?

1. A. Universal forwarder
2. B. Parsing forwarder
3. C. Heavy forwarder
4. D. Advanced forwarder

Correct Answer: C
Reference: https://docs.splunk.com/Documentation/SplunkCloud/7.2.6/Forwarding/Typesofforwarders