SPLK-3003 Splunk Core Certified Consultant

Question 7

A customer with a large distributed environment has blacklisted a large lookup from the search bundle to decrease the bundle size using distsearch.conf. After this change, when running searches that use the blacklisted lookup, they see error messages in the Splunk Search UI stating that the lookup file does not exist.

What can the customer do to resolve the issue?

  • The search needs to be modified to ensure the lookup command specifies parameter local=true.

  • The blacklisted lookup definition stanza needs to be modified to specify setting allow_caching=true.

  • The search needs to be modified to ensure the lookup command specifies parameter blacklist=false.

  • The lookup cannot be blacklisted; the change must be reverted.

Question 8

Which of the following is the most efficient search?

  • index=www status=200 uri=/cart/checkout | append [search index = sales] | stats count, sum(revenue) as total_revenue by session_id | table total_revenue session_id

  • (index=www status=200 uri=/cart/checkout) OR (index=sales) | stats count, sum(revenue) as total_revenue by session_id | table total_revenue session_id

  • index=www | append [search index = sales] | stats count, sum(revenue) as total_revenue by session_id | table total_revenue session_id

  • (index=www) OR (index=sales) | search (index=www status=200 uri=/cart/checkout) OR (index=sales) | stats count, sum(revenue) as total_revenue by session_id | table total_revenue session_id

Question 9

Which command is most efficient in finding the pass4SymmKey of an index cluster?

  • find / -name server.conf –print | grep pass4SymKey

  • $SPLUNK_HOME/bin/splunk search | rest splunk_server=local /servicesNS/-/unhash_app/storage/passwords

  • $SPLUNK_HOME/bin/splunk btool server list clustering | grep pass4SymmKey

  • $SPLUNK_HOME/bin/splunk btool clustering list clustering --debug | grep pass4SymmKey