← Back to exam page

SPLK-3003 Splunk Core Certified Consultant

Loading demo links...

Showing 1–3 of 10 questions

Question 1

A customer has the following Splunk instances within their environment: An indexer cluster consisting of a cluster master/master node and five clustered indexers, two search heads (no search head clustering), a deployment server, and a license master. The deployment server and license master are running on their own single-purpose instances. The customer would like to start using the Monitoring Console (MC) to monitor the whole environment.

On the MC instance, which instances will need to be configured as distributed search peers by specifying them via the UI using the settings menu?

Select an option, then click Submit answer.

  • Just the cluster master/master node.

  • Indexers, search heads, deployment server, license master, cluster master/master node.

  • Search heads, deployment server, license master, cluster master/master node

  • Deployment server, license master
Question 2

As data enters the indexer, it proceeds through a pipeline where event processing occurs. In which pipeline does line breaking occur?

Select an option, then click Submit answer.

  • Indexing

  • Typing

  • Merging

  • Parsing
Question 3

In the diagrammed environment shown below, the customer would like the data read by the universal forwarders to set an indexed field containing the UF’s host name. Where would the parsing configurations need to be installed for this to work?

Select an option, then click Submit answer.

  • All universal forwarders.

  • Only the indexers.

  • All heavy forwarders.

  • On all parsing Splunk instances.