Exam SPLK-2002
Question 68

Which of the following statements about integrating with third-party systems is true? (Select all that apply.)

    Correct Answer: A, C

    A Hadoop application can search data in Splunk using the REST API, enabling integration between the two platforms. Additionally, Splunk alerts can be configured to trigger actions on third-party systems based on query results, allowing automated responses to specific conditions detected in Splunk's data. These capabilities highlight the flexibility and integration potential of Splunk with other systems.

Discussion
M_K_S (Options: BCD)

My Answer is BCD

Proctor (Options: AC)

Unpopular answer I guess, but I'd say A and C.
A. Hadoop applications can search data in Splunk using the REST API at minimum
C. Alert actions can be used to trigger actions based on a query result
But not...
B. Splunk can't search data on HDFS without indexing it first.
D. I see other comments saying that there's a 3rd party tool that can receive data directly from a UF, but assume that this is talking about first-party architecture as designed (and, besides, they have a lawsuit open against Cribl :))

qtygbapjpesdayazko

D is correct, you can use the UF and HF to send data to other systems: https://www.tekstream.com/blog/route-data-to-multiple-destinations/

brettw (Options: BC)

100% B,C,D
B. Splunk can search data in the Hadoop File System (HDFS). - Correct
C. You can use Splunk alerts to provision actions on a third-party system. - Correct: Systems such as Critical Start can utilize alerts to provision additional actions from within their system.
D. You can forward data from Splunk forwarder to a third-party system without indexing it first. - Correct: As mentioned, Cribl LogStream can ingest data directly from the UF, modify the streamed data, and then forward that data to the indexer(s)

qtygbapjpesdayazko (Options: BC)

B. Splunk can search data in the Hadoop File System (HDFS).
C. You can use Splunk alerts to provision actions on a third-party system.
D. You can forward data from Splunk forwarder to a third-party system without indexing it first.

dseitz (Options: BC)

B, C. Not D bc it can only send data AFTER it's indexed

diddely

That would defy the whole purpose of the HF.

[Removed]

You are incorrect: https://docs.splunk.com/Documentation/Splunk/latest/Forwarding/Forwarddatatothird-partysystemsd

RedYeti

LogStream from Cribl can receive data from Forwarders