Which of the following is a valid distributed search group?
The valid distributed search group should have a stanza name starting with [distributedSearch:*], and servers should be listed without specifying a port number, as the default settings will be used. Therefore, [distributedSearch:Paris] default = false servers = server1, server2 is the correct option.
I'm sorry ... D is wrong: the separator is ';' (not permitted) instead of ','
It's true. They are all wrong.
I think it's a typo, option D would be the closest
D. [distributedSearch:Paris] default = false servers = server1:8089; server2:8089
But the separator is incorrect
A is the correct one: correct stanza name -> [distributedSearch:xxxx], correct separator -> ','. Servers listed don't need to have the port defined, and Splunk will use the default attribute listed in distsearch.conf.spec: https://docs.splunk.com/Documentation/Splunk/8.0.6/Admin/Distsearchconf#distsearch.conf.example
D is the answer but there's a typo in the answer. It should be ',' not ';'
I just tested this and a port is required. So, with given choices I would go with D
The correct answer is D. The stanza is <DS1_IP:8089>, <DS2_IP:8089>,....
I think it is "D" <<The servers attribute lists groups of search peers by IP address and management port>>
D is the answer https://docs.splunk.com/Documentation/Splunk/8.2.4/Admin/Distsearchconf
distsearch.conf specification says: servers = <comma-separated list> * An initial list of servers. * Each member of this list must be a valid URI in the format of scheme://hostname:port. I haven't tested, but in my understanding the port value is needed, and in that case it couldn't be alternative A. The separator ";" in alternative D makes it wrong too (maybe a test typo?), although it certainly would be the correct one if the separator was a comma.
Sorry A
Answer is C
It is D but the separator is incorrect
As per the latest Splunk document https://docs.splunk.com/Documentation/Splunk/9.0.0/DistSearch/Distributedsearchgroups the option is D
D is the correct answer, however with a typo. I checked and you have to provide the port number, otherwise you get the following error: Failed to parse uri for peer:Paris. This search peer will be ignored.
B and C are definitely wrong. A is not correct since no port number is given, and that is required. See https://docs.splunk.com/Documentation/Splunk/8.0.6/Admin/Distsearchconf. Distributed Search Group Definitions: servers = <comma-separated list> * A list of search peers that are members of this group. * The list must use peer identifiers (i.e. hostname:port). Answer D must be a typo, and is supposed to show a comma and not a semicolon. In that case it is correct.
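The rules quoted in the comment above (stanza name, comma-separated list, hostname:port peer identifiers) can be turned into a small lint check. This is an added example, not part of any comment and not Splunk's own parser; `lint_group` and the constant names are hypothetical, and the stanzas are the no-port one from the explanation, option D as posted, and a constructed comma variant of D.

```python
import re

# Rules as quoted in the thread from distsearch.conf.spec (an assumption of
# this example, not Splunk's parser):
#   stanza name:  [distributedSearch:<group>]
#   servers:      comma-separated list of peer identifiers (hostname:port)
STANZA_RE = re.compile(r"^\[distributedSearch:([^\]\s]+)\]$")
PEER_RE = re.compile(r"^[A-Za-z0-9._-]+:(\d{1,5})$")


def lint_group(stanza_text):
    """Return a list of problems found in one search-group stanza."""
    lines = [ln.strip() for ln in stanza_text.strip().splitlines() if ln.strip()]
    problems = []
    if not lines or not STANZA_RE.match(lines[0]):
        problems.append("stanza name is not [distributedSearch:<group>]")
    settings = {}
    for line in lines[1:]:
        key, sep, value = line.partition("=")
        if sep:
            settings[key.strip()] = value.strip()
    servers = settings.get("servers")
    if servers is None:
        return problems + ["no servers setting"]
    if ";" in servers:
        problems.append("';' used as separator; the list is comma-separated")
    # Split on both characters so each peer is still checked individually.
    for peer in re.split(r"[,;]", servers):
        peer = peer.strip()
        m = PEER_RE.match(peer)
        if not m:
            problems.append(f"peer '{peer}' is not hostname:port")
        elif not 1 <= int(m.group(1)) <= 65535:
            problems.append(f"peer '{peer}' has an invalid port")
    return problems


# Stanzas taken from this page, plus one constructed variant of option D.
NO_PORT_STANZA = "[distributedSearch:Paris]\ndefault = false\nservers = server1, server2"
OPTION_D = "[distributedSearch:Paris]\ndefault = false\nservers = server1:8089; server2:8089"
D_WITH_COMMA = "[distributedSearch:Paris]\ndefault = false\nservers = server1:8089, server2:8089"

if __name__ == "__main__":
    for name, text in [("no port", NO_PORT_STANZA), ("D", OPTION_D), ("D, comma", D_WITH_COMMA)]:
        print(name, lint_group(text) or "ok")
```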
It is A, read the documentation: "The servers attribute lists groups of search peers by IP address and management port", so a server always already contains a port, it is not listed as a separate attribute.
The answer is B. Refer to link - https://docs.splunk.com/Documentation/Splunk/8.0.3/DistSearch/Distributedsearchgroups