Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Splunk Exam SPLK-2002 Topic 10 Question 105 Discussion

Actual exam question for Splunk's SPLK-2002 exam
Question #: 105
Topic #: 10
[All SPLK-2002 Questions]

Which of the following is true for indexer cluster knowledge bundles?

Show Suggested Answer Hide Answer
Suggested Answer: B

According to the Splunk documentation1, indexer cluster knowledge bundles are the configuration files that the cluster master distributes to the peer nodes as part of the cluster configuration bundle. The knowledge bundles contain the knowledge objects, such as event types, tags, lookups, and so on, that are relevant for indexing and searching the data. The cluster master creates the knowledge bundles by merging the app-name/default and app-name/local directories from the apps that reside on the master node.The cluster master then pushes the knowledge bundles to the peer nodes, where they reside under the $SPLUNK_HOME/var/run directory2. The other options are false because:

Only app-name/local is pushed. This is false because the cluster master pushes both the app-name/default and app-name/local directories, after merging them, to the peer nodes.The app-name/local directory contains the local customizations of the app configuration, while the app-name/default directory contains the default app configuration3.

Only app-name/default is pushed. This is false because the cluster master pushes both the app-name/default and app-name/local directories, after merging them, to the peer nodes.The app-name/default directory contains the default app configuration, while the app-name/local directory contains the local customizations of the app configuration3.

app-name/default and app-name/local are pushed without change. This is false because the cluster master merges the app-name/default and app-name/local directories before pushing them to the peer nodes.This ensures that the peer nodes have the latest and consistent configuration of the apps3.


by Dianne at Jan 14, 2025, 05:52 AM

Limited Time Offer

25%

Off

Get Premium SPLK-2002 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Lelia
5 days ago
I think the answer is B) app-name/default and app-name/local are merged before pushing.
upvoted 0 times
...
Elina
9 days ago
C has got to be the right answer. Why would we push both bundles separately? That's just wasteful.
upvoted 0 times
...
Sharan
10 days ago
Hmm, I'm torn between B and D. Maybe I'll just flip a coin and hope for the best!
upvoted 0 times
...
Elena
14 days ago
I'm gonna go with B. Merging the default and local bundles makes sense before pushing them.
upvoted 0 times
...
Hershel
15 days ago
D seems like the correct answer to me. Why would we only push one of the bundles when we have both available?
upvoted 0 times
Marcos
3 days ago
B) app-name/default and app-name/local are merged before pushing.
upvoted 0 times
...
Felicitas
5 days ago
A) Only app-name/local is pushed.
upvoted 0 times
...
...

Save Cancel