Which Splunk component distributes apps and certain other configuration updates to search head cluster members?
https://docs.splunk.com/Documentation/Splunk/8.0.5/Updating/Updateconfigurations First line says it all: 'The deployment server distributes deployment apps to clients.'
What is the correct example to redact a plain-text password from raw events?
The correct answer is B. in props.conf:
[identity]
SEDCMD-redact_pw = s/password=([^,|/s]+)/ ####REACTED####/g
In the expression s/password=([^,|/s]+)/ ####REACTED####/g, the g flag at the end means that the replacement is applied globally, not just to the first match.
Option A is incorrect because it uses the REGEX attribute instead of the SEDCMD attribute. The REGEX attribute is used to extract fields from events, not to modify them.
Option C is incorrect because it uses the transforms.conf file instead of the props.conf file. The transforms.conf file is used to define transformations that can be applied to fields or events, such as lookups, evaluations, or replacements. However, these transformations are applied after indexing, not before.
Option D is incorrect because it uses both the wrong attribute and the wrong file. There is no REGEX-redact_pw attribute in the transforms.conf file.
References: 1: Redact data from events - Splunk Documentation
What options are available when creating custom roles? (select all that apply)
https://docs.splunk.com/Documentation/SplunkCloud/8.2.2106/Admin/ConcurrentLimits
'Set limits for concurrent scheduled searches. You must have the edit_search_concurrency_all and edit_search_concurrency_scheduled capabilities to configure these settings.'
Which of the following is an acceptable channel value when using the HTTP Event Collector indexer acknowledgment capability?
The HTTP Event Collector (HEC) supports indexer acknowledgment to confirm event delivery. Each acknowledgment is associated with a unique GUID (Globally Unique Identifier).
The GUID ensures events are not re-indexed in the case of retries.
Incorrect Options:
B, C, D: These are not valid channel values in HEC acknowledgments.
References:
Splunk Docs: Use indexer acknowledgment with HTTP Event Collector