Is the SPLK-1003 practice exam free?

Yes. ExamCademy offers all 204 SPLK-1003 practice questions for free with a registered account. No payment needed. Optional supporter features add AI explanations and spaced repetition study tools.

How accurate are the SPLK-1003 practice questions?

All SPLK-1003 questions are community-created and reviewed by moderators to align with Splunk's published exam objectives. The community continuously reports and fixes issues to keep content accurate and up to date.

How should I study for the SPLK-1003 exam?

Start by browsing practice questions to identify weak areas. Use spaced repetition (Learn Mode) to focus study time on topics you struggle with. Combine practice questions with official Splunk documentation and hands-on experience for best results.

SPLK-1003 Practice Exam — Free 204+ Questions

204Practice Questions

3Study Modes

FreeTo Get Started

Sort:

Question 1

Question 2

Question 3

Question 4

Question 5

Question 6

Question 7

Question 8

Question 9

Question 10

Question 11

Question 12

Question 13

Question 14

Question 15

Question 16

Question 17

Question 18

Question 19

Question 20

Question 21

Question 22

Question 23

Question 24

Question 25

Page 1 of 9 • Questions 1-25 of 204

1 2 3 4 5

→

Know a question that should be here? Contribute to this exam

Which Splunk component requires a Forwarder license?

A Search head
B Heavy forwarder
C Heaviest forwarder
D Universal forwarder

Where should apps be located on the deployment server that the clients pull from?

A $SPLUNK_HOME/etc/apps
B $SPLUNK_HOME/etc/search
C $SPLUNK_HOME/etc/master-apps
D $SPLUNK_HOME/etc/deployment-apps

To set up a network input in Splunk, what needs to be specified?

A File path.
B Username and password.
C Network protocol and port number.
D Network protocol and MAC address.

Which of the following statements describe deployment management? (Choose all that apply.)

A Requires an Enterprise license.
B Is responsible for sending apps to forwarders.
C Once used, is the only way to manage forwarders.
D Can automatically restart the host OS running the forwarder.

During search time, which directory of configuration files has the highest precedence?

A $SPLUNK_HOME/etc/system/local
B $SPLUNK_HOME/etc/system/default
C $SPLUNK_HOME/etc/apps/app1/local
D $SPLUNK_HOME/etc/users/admin/local

What options are available when creating custom roles? (Choose all that apply.)

A Restrict search terms.
B Whitelist search terms.
C Limit the number of concurrent search jobs.
D Allow or restrict indexes that can be searched.

Which of the following statements apply to directory inputs? (Choose all that apply.)

A All discovered text files are consumed.
B Compressed files are ignored by default.
C Splunk recursively traverses through the directory structure.
D When adding new log files to a monitored directory, the forwarder must be restarted to take them into account.

Which of the following authentication types requires scripting in Splunk?

A ADFS
B LDAP
C SAML
D RADIUS

Which Splunk indexer operating system platform is supported when sending logs from a Windows universal forwarder?

A Any OS platform.
B Linux platform only.
C Windows platform only.
D None of the above.

In this sourcetype definition the MAX_TIMESTAMP_LOOKAHEAD is missing. Which value would fit best?
[sshd_syslog]
TIME_PREFIX = ^
TIME_FORMAT = %Y-%m-%d %H:%M:%S.%3N %z
LINE_BREAKER = ([\r\n]+)\d4-\d2-\d2 \d2:\d2:\d2

SHOULD_LINEMERGE = false -

TRUNCATE = 0 -
Event example:
2018-04-13 13:42:41.214 -0500 server sshd[26219]: Connection from 172.0.2.60 port 47366

A MAX_TIMESTAMP_LOOKAHEAD = 5
B MAX_TIMESTAMP_LOOKAHEAD = 10
C MAX_TIMESTAMP_LOOKAHEAD = 20
D MAX_TIMESTAMP_LOOKAHEAD = 30

Which Splunk component consolidates the individual results and prepares reports in a distributed environment?

A Indexers
B Forwarder
C Search head
D Search peers

How often does Splunk recheck the LDAP server?

A Every 5 minutes.
B Each time a user logs in.
C Each time Splunk is restarted.
D Varies based on LDAP_refresh setting.

Which of the following apply to how distributed search works? (Choose all that apply.)

A The search head dispatches searches to the peers.
B The search peers pull the data from the forwarders.
C Peers run searches in parallel and return their portion of results.
D The search head consolidates the individual results and prepares reports.

You update a props.conf file while Splunk is running. You do not restart Splunk and you run this command: splunk btool props list `"-debug. What will the output be?

A A list of all the configurations on-disk that Splunk contains.
B A verbose list of all configurations as they were when splunkd started.
C A list of props.conf configurations as they are on-disk along with a file path from which the configuration is located.
D A list of the current running props.conf configurations along with a file path from which the configuration was made.

How does the Monitoring Console monitor forwarders?

A By pulling internal logs from forwarders.
B By using the forwarder monitoring add-on.
C With internal logs forwarded by forwarders.
D With internal logs forwarded by deployment server.

Which of the following is a valid distributed search group?

A [distributedSearch:Paris] default = false servers = server1, server2
B [searchGroup:Paris] default = false servers = server1:8089, server2:8089
C [searchGroup:Paris] default = false servers = server1:9997, server2:9997
D [distributedSearch:Paris] default = false servers = server1:8089; server2:8089

Which of the following are supported options when configuring optional network inputs?

A Metadata override, sender filtering options, network input queues (quantum queues)
B Metadata override, sender filtering options, network input queues (memory/persistent queues)
C Filename override, sender filtering options, network output queues (memory/persistent queues)
D Metadata override, receiver filtering options, network input queues (memory/persistent queues)

Which setting in indexes.conf allows data retention to be controlled by time?

A maxDaysToKeep
B moveToFrozenAfter
C maxDataRetentionTime
D frozenTimePeriodInSecs

This file has been manually created on a universal forwarder:
/opt/splunkforwarder/etc/apps/my_TA/local/inputs.conf
[monitor:///var/log/messages]
sourcetype=syslog
index=syslog
A new Splunk admin comes in and connects the universal forwarders to a deployment server and deploys the same app with a new inputs.conf file:
/opt/splunk/etc/deployment-apps/my_TA/local/inputs.conf
[monitor:///var/log/maillog]
sourcetype=maillog
index=syslog
Which file is now monitored?

A /var/log/messages
B /var/log/maillog
C /var/log/maillog and /var/log/messages
D none of the above

What hardware attribute would you need to be changed to increase the number of simultaneous searches (ad-hoc and scheduled) on a single search head?

A Disk
B CPUs
C Memory
D Network interface cards

In which Splunk configuration is the SEDCMD used?

A props.conf
B inputs.conf
C indexes.conf
D transforms.conf

Which parent directory contains the configuration files in Splunk?

A $SPLUNK_HOME/etc
B $SPLUNK_HOME/var
C $SPLUNK_HOME/conf
D $SPLUNK_HOME/default

Which forwarder type can parse data prior to forwarding?

A Universal forwarder
B Heaviest forwarder
C Hyper forwarder
D Heavy forwarder

Which Splunk component distributes apps and certain other configuration updates to search head cluster members?

A Deployer
B Cluster master
C Deployment server
D Search head cluster master

In which phase of the index time process does the license metering occur?

A Input phase
B Parsing phase
C Indexing phase
D Licensing phase

SPLK-1003Preview

About the SPLK-1003 Exam

Question 1

Question 2

Question 3

Question 4

Question 5

Question 6

Question 7

Question 8

Question 9

Question 10

Question 11

Question 12

Question 13

Question 14

Question 15

Question 16

Question 17

Question 18

Question 19

Question 20

Question 21

Question 22

Question 23

Question 24

Question 25

SPLK-1003Preview

About the SPLK-1003 Exam

Mode Selection

Question 1

Question 2

Question 3

Question 4

Question 5

Question 6

Question 7

Question 8

Question 9

Question 10

Question 11

Question 12

Question 13

Question 14

Question 15

Question 16

Question 17

Question 18

Question 19

Question 20

Question 21

Question 22

Question 23

Question 24

Question 25