Examice

Exam SPLK-2002 All QuestionsBrowse all questions from this exam

Go to Exam

Question 77

Which of the following options can improve reliability of syslog delivery to Splunk? (Select all that apply.)

Use TCP syslog.

Configure UDP inputs on each Splunk indexer to receive data directly.

Use a network load balancer to direct syslog traffic to active backend syslog listeners.

Use one or more syslog servers to persist data with a Universal Forwarder to send the data to Splunk indexers.

Correct Answer: A, D

To improve the reliability of syslog delivery to Splunk, using TCP for syslog is beneficial. TCP is a connection-oriented protocol that ensures data delivery, which can significantly enhance reliability compared to UDP. Additionally, implementing one or more syslog servers to persist data and using a Universal Forwarder to send this data to Splunk indexers is another effective approach. This method helps in capturing and forwarding logs even during interruptions or Splunk process downtimes.

Discussion

M_K_SOptions: AC

Mine is A,C,D

sadhkaOptions: AD

My answer is A and D

AnaBeeOptions: AD

pg 129 | Archietecting & pg 71 | Troubleshooting

manu78Options: AD

A and D are correct

b5white

A Splunk instance can listen on any port for incoming syslog messages. While this is easy to configure, it’s not considered best practice for getting syslog messages into Splunk. If the splunkd process stops, all syslog messages sent during the downtime would be lost. -- The Complete Guide to Using Syslog with Splunk https://kinneygroup.com/blog/splunk-syslog/

b5white

So C D

wirix25718

Is it not top

qtygbapjpesdayazko

wildcards are not efficient