Splunk SPLK-3003 Splunk Core Certified Consultant Exam Exam Practice Test Questions

• Question 1

  A customer would like Splunk to delete files after they've been ingested. The Universal Forwarder has read/ write access to the directory structure. Which input type would be most appropriate to use in order to ensure files are ingested and then deleted afterwards?

  • Script
  • Batch
  • Monitor
  • Fschange

  Show Answer Answer: B Next

• Question 2

  What is the primary driver behind implementing indexer clustering in a customer's environment?

  • To improve resiliency as the search load increases.
  • To reduce indexing latency.
  • To scale out a Splunk environment to offer higher performance capability.
  • To provide higher availability for buckets of data.

  Show Answer Answer: D Next

• Question 3

  Which configuration item should be set to false to significantly improve data ingestion performance?

  • AUTO_KV_JSON
  • BREAK_ONLY_BEFORE_DATE
  • SHOULD_LINEMERGE
  • ANNOTATE_PUNCT

  Show Answer Answer: C Next

• Question 4

  In addition to the normal responsibilities of a search head cluster captain, which of the following is a default behavior?

  • The captain is not a cluster member and does not perform normal search activities.
  • The captain is a cluster member who performs normal search activities.
  • The captain is not a cluster member but does perform normal search activities.
  • The captain is a cluster member but does not perform normal search activities.

  Show Answer Answer: B Next

• Question 5

  Which of the following is the most efficient search?

  • Index=www status=200 uri=/cart/checkout | append [search index = sales] | stats count, sum(revenue) as total_revenue by session_id | table total_revenue session_id
  • (index=www status=200 uri=/cart/checkout) OR (index=sales) | stats count, sum (revenue) as total_revenue by session_id | table total_revenue session_id
  • Index=www | append [search index = sales] | stats count, sum(revenue) as total_revenue by session_id | table total_revenue session_id
  • (index=www) OR (index=sales) | search (index=www status=200 uri=/cart/checkout) OR (index=sales) | stats count, sum(revenue) as total_revenue by session_id | table total_revenue session_id

  Show Answer Answer: B Next