Is this exam completely free?

ExamCademy offers a free preview for every exam, covering around 20% of the total questions. Full access to all questions is available for free by signing up for an account. Optional supporters unlock AstroTutor (AI tutor) and advanced study modes.

Can I practice IT certification exams from Microsoft, AWS, or CompTIA?

Yes! ExamCademy supports a wide range of IT certification exams including Microsoft Azure, AWS Cloud Practitioner, and CompTIA A+ and Security+.

How accurate are the mock exams?

Our practice questions are community-created and moderator-reviewed to align with realistic exam objectives, style, and difficulty.

SPLK-2002 by Splunk - Page 1 | ExamCademy

Mode Selection

Question 1

Question 2

Question 3

Which of the following are client filters available in serverclass.conf? (Select all that apply.)

A DNS name.
B IP address.
C Splunk server role.
D Platform (machine type).

Question 4

What log file would you search to verify if you suspect there is a problem interpreting a regular expression in a monitor stanza?

A btool.log
B metrics.log
C splunkd.log
D tailing_processor.log

Question 5

Which Splunk tool offers a health check for administrators to evaluate the health of their Splunk deployment?

A btool
B DiagGen
C SPL Clinic
D Monitoring Console

Question 6

In a four site indexer cluster, which configuration stores two searchable copies at the origin site, one searchable copy at site2, and a total of four searchable copies?

A site_search_factor = origin:2, site1:2, total:4
B site_search_factor = origin:2, site2:1, total:4
C site_replication_factor = origin:2, site1:2, total:4
D site_replication_factor = origin:2, site2:1, total:4

Question 7

Which Splunk Enterprise offering has its own license?

A Splunk Cloud Forwarder
B Splunk Heavy Forwarder
C Splunk Universal Forwarder
D Splunk Forwarder Management

Question 8

Which component in the splunkd.log will log information related to bad event breaking?

A Audittrail
B EventBreaking
C IndexingPipeline
D AggregatorMiningProcessor

Question 9

Which Splunk server role regulates the functioning of indexer cluster?

A Indexer
B Deployer
C Master Node
D Monitoring Console

Question 10

When adding or rejoining a member to a search head cluster, the following error is displayed:
Error pulling configurations from the search head cluster captain; consider performing a destructive configuration resync on this search head cluster member.
What corrective action should be taken?

A Restart the search head.
B Run the splunk apply shcluster-bundle command from the deployer.
C Run the clean raft command on all members of the search head cluster.
D Run the splunk resync shcluster-replicated-config command on this member.

Question 11

Which of the following commands is used to clear the KV store?

A splunk clean kvstore
B splunk clear kvstore
C splunk delete kvstore
D splunk reinitialize kvstore

Question 12

Stakeholders have identified high availability for searchable data as their top priority. Which of the following best addresses this requirement?

A Increasing the search factor in the cluster.
B Increasing the replication factor in the cluster.
C Increasing the number of search heads in the cluster.
D Increasing the number of CPUs on the indexers in the cluster.

Question 13

Indexing is slow and real-time search results are delayed in a Splunk environment with two indexers and one search head. There is ample CPU and memory available on the indexers. Which of the following is most likely to improve indexing performance?

A Increase the maximum number of hot buckets in indexes.conf
B Increase the number of parallel ingestion pipelines in server.conf
C Decrease the maximum size of the search pipelines in limits.conf
D Decrease the maximum concurrent scheduled searches in limits.conf

Question 14

The guidance Splunk gives for estimating size on for syslog data is 50% of original data size. How does this divide between files in the index?

A rawdata is: 10%, tsidx is: 40%
B rawdata is: 15%, tsidx is: 35%
C rawdata is: 35%, tsidx is: 15%
D rawdata is: 40%, tsidx is: 10%

Question 15

A three-node search head cluster is skipping a large number of searches across time. What should be done to increase scheduled search capacity on the search head cluster?

A Create a job server on the cluster.
B Add another search head to the cluster.
C server.conf captain_is_adhoc_searchhead = true.
D Change limits.conf value for max_searches_per_cpu to a higher value.

Question 16

The frequency in which a deployment client contacts the deployment server is controlled by what?

A polling_interval attribute in outputs.conf
B phoneHomeIntervalInSecs attribute in outputs.conf
C polling_interval attribute in deploymentclient.conf
D phoneHomeIntervalInSecs attribute in deploymentclient.conf

Question 17

To activate replication for an index in an indexer cluster, what attribute must be configured in indexes.conf on all peer nodes?

A repFactor = 0
B replicate = 0
C repFactor = auto
D replicate = auto

Question 18

Which of the following clarification steps should be taken if apps are not appearing on a deployment client? (Select all that apply.)

A Check serverclass.conf of the deployment server.
B Check deploymentclient.conf of the deployment client.
C Check the content of SPLUNK_HOME/etc/apps of the deployment server.
D Search for relevant events in splunkd.log of the deployment server.

Question 19

Which of the following security options must be explicitly configured (i.e. which options are not enabled by default)?

A Data encryption between Splunk Web and splunkd.
B Certificate authentication between forwarders and indexers.
C Certificate authentication between Splunk Web and search head.
D Data encryption for distributed search between search heads and indexers.

That's the end of the Preview

Create a free account to unlock all questions for this exam.

Log In / Sign Up

Page 1 of 4 • Questions 1-25 of 91

1 2 3 4

→

Know a question that should be here? Contribute to this exam

Which of the following will cause the greatest reduction in disk size requirements for a cluster of N indexers running Splunk Enterprise Security?

A Setting the cluster search factor to N-1.
B Increasing the number of buckets per index.
C Decreasing the data model acceleration range.
D Setting the cluster replication factor to N-1.

Which index-time props.conf attributes impact indexing performance? (Select all that apply.)

A REPORT
B LINE_BREAKER
C ANNOTATE_PUNCT
D SHOULD_LINEMERGE