Which of the following options can improve reliability of syslog delivery to Splunk? (Select all that apply.)
Which of the following options can improve reliability of syslog delivery to Splunk? (Select all that apply.)
To improve the reliability of syslog delivery to Splunk, using TCP for syslog is beneficial. TCP is a connection-oriented protocol that ensures data delivery, which can significantly enhance reliability compared to UDP. Additionally, implementing one or more syslog servers to persist data and using a Universal Forwarder to send this data to Splunk indexers is another effective approach. This method helps in capturing and forwarding logs even during interruptions or Splunk process downtimes.
My answer is A and D
Mine is A,C,D
A and D are correct
pg 129 | Archietecting & pg 71 | Troubleshooting
wildcards are not efficient
Is it not top
A Splunk instance can listen on any port for incoming syslog messages. While this is easy to configure, it’s not considered best practice for getting syslog messages into Splunk. If the splunkd process stops, all syslog messages sent during the downtime would be lost. -- The Complete Guide to Using Syslog with Splunk https://kinneygroup.com/blog/splunk-syslog/
So C D