Examice

Exam SPLK-1003 All QuestionsBrowse all questions from this exam

Question 35

How would you configure your distsearch.conf to allow you to run the search below? sourcetype=access_combined status=200 action=purchase splunk_server_group=HOUSTON

[distributedSearch:NYC] default = false servers = nyc1:8089, nyc2:8089 [distributedSearch:HOUSTON] default = false servers = houston1:8089, houston2:8089

[distributedSearch] servers =nyc1, nyc2, houston1, houston2 [distributedSearch:NYC] default = false servers = nyc1, nyc2 [distributedSearch:HOUSTON] default = false servers = houston1, houston2

[distributedSearch] servers =nyc1:8089, nyc2:8089, houston1:8089, houston2:8089 [distributedSearch:NYC] default = false servers = nyc1:8089, nyc2:8089 [distributedSearch:HOUSTON] default = false servers = houston1:8089, houston2:8089

[distributedSearch] servers =nyc1:8089; nyc2:80893; houston1:8089; houston2:8089 [distributedSearch:NYC] default = false servers = nyc1:8089; nyc2:8089 [distributedSearch:HOUSTON] default = false servers = houston1:80897706; houston2:80898350

Correct Answer: C

To configure your distsearch.conf for the provided search, you need to specify the complete set of servers in the [distributedSearch] stanza with the correct URI format (hostname:port). You should also define individual groups like [distributedSearch:HOUSTON] with the specific servers that the group contains. The correct format is demonstrated in option C, where the servers are listed properly with their respective ports and grouped accordingly. This allows the search to correctly refer to the HOUSTON group with splunk_server_group=HOUSTON.

Discussion

nottyanOption: C

I think C is Ans. https://docs.splunk.com/Documentation/Splunk/8.1.0/DistSearch/Distributedsearchgroups

newroseOption: C

In my opinion it is C: Example from https://docs.splunk.com/Documentation/Splunk/8.1.0/DistSearch/Distributedsearchgroups: [distributedSearch] # This stanza lists the full set of search peers. servers = 192.168.1.1:8089, 192.168.1.2:8089, 175.143.1.1:8089, 175.143.1.2:8089, 175.143.1.3:8089 [distributedSearch:NYC] # This stanza lists the set of search peers in New York. default = false servers = 192.168.1.1:8089, 192.168.1.2:8089 [distributedSearch:SF] # This stanza lists the set of search peers in San Francisco. default = false servers = 175.143.1.1:8089, 175.143.1.2:8089, 175.143.1.3:8089 And specifications from distsearch.conf: servers = <comma-separated list> * An initial list of servers. * Each member of this list must be a valid URI in the format of scheme://hostname:port

ArDeKuOption: C

The answer is C.. Refer link - https://docs.splunk.com/Documentation/Splunk/8.0.3/DistSearch/Distributedsearchgroups

tmmtOption: C

Is C, others have invalid parameter separator, port and invalid stanza for distsearch

Marco63Option: C

see https://docs.splunk.com/Documentation/Splunk/8.0.3/DistSearch/Distributedsearchgroups The servers attribute lists groups of search peers by IP address and management port. The servers list for each search group must be a subset of the list in the general [distributedSearch] stanza.

ApisOption: C

C is correct

HR1234Option: C

C is Ans

toney_muOption: C

I would choose C https://docs.splunk.com/Documentation/Splunk/9.0.0/DistSearch/Distributedsearchgroups

Steve2610Option: B

B I think

rafiki31Option: A

A is also correct to me: "the full set of search peers in the [distributedSearch] stanza will be queried when the search does not specify a search group." https://docs.splunk.com/Documentation/Splunk/8.1.0/DistSearch/Distributedsearchgroups Here the search specifies the search group

boruileiOption: D

i think d is ans

Ashton_98

100% not D. You can't have ports over 65,535.

AngusBlack

Plus they are supposed to be comma separated, not colons