Using Splunk Web to modify config settings for a shared object, a revised config file with those changes is placed in which directory? A. $SPLUNK_HOME/etc/apps/myApp/local B. $SPLUNK_HOME/etc/system/default/ C. $SPLUNK_HOME/etc/system/local D. $SPLUNK_HOME/etc/apps/myApp/default Reference: https://docs.splunk.com/Documentation/Splunk/8.1.2/Admin/Howtoeditaconfigurationfile

Assuming permissions are set appropriately, which REST endpoint path can be used by someone with a power user role to access information about mySearch, a saved search owned by someone with a user role? A. /servicesNS/-/data/saved/searches/mySearch B. /servicesNS/object/saved/searches/mySearch C. /servicesNS/search/saved/searches/mySearch D. /servicesNS/-/search/saved/searches/mySearch Reference: https://docs.splunk.com/Documentation/Splunk/8.1.2/RESTUM/RESTusing

What must be done when calling the serviceNS endpoint? A. Authenticate with an admin user. B. Specify the user and app context in the URI. C. Authenticate with the user of the required context. D. Pass the user and app context in the request payload. Reference: https://docs.splunk.com/Documentation/Splunk/8.1.2/RESTUM/RESTusing

Which of the following is true of a namespace? A. The namespace is a type of token filter. B. The namespace includes an app attribute which cannot be a wildcard. C. The namespace filters the knowledge objects returned by the REST API. D. The namespace does not filter knowledge objects returned by the REST API.

Which of the following options would be the best way to identify processor bottlenecks of a search? A. Using the REST API. B. Using the search job inspector. C. Using the Splunk Monitoring Console. D. Searching the Splunk logs using index=“ internal”.

Which of the following statements describe oneshot searches? (Select all that apply.) A. Are always executed asynchronously. B. Can specify csv as an output format. C. Stream all results upon search completion. D. Can use auto_cancel to set a timeout limit. Reference: https://dev.splunk.com/enterprise/docs/devtools/java/sdk-java/howtousesdkjava/howtoworkjobjava/

Which of the following are characteristics of an add-on? (Select all that apply.) A. Requires navigation file. B. Occupies a unique namespace within Splunk. C. Can depend on add-ons for correct operation. D. Contains technology or components not intended for reuse by other apps.

Which of the following statements define a namespace? A. The namespace is a combination of the user and the app. B. The namespace is a combination of the user, the app, and the role. C. The namespace is a combination of the user, the app, the role, and the sharing level. D. The namespace is […]

After updating a dashboard in myApp, a Splunk admin moves myApp to a different Splunk instance. After logging in to the new instance, the dashboard is not seen. What could have happened? (Select all that apply.) A. The dashboard’s permissions were set to private. B. User role permissions are different on the new instance. C. […]

How can indexer acknowledgement be enabled for HTTP Event Collector (HEC)? (Select all that apply.) A. No need to do anything, it is turned on by default. B. When a REST request is sent to create a token, the property for indexer acknowledgement must be set to 1. C. When a new HEC token is […]