A customer has a multisite cluster (two sites, each site in its own data center) and users are experiencing a slow response when searches are run on search heads located in either site. The Search Job Inspector shows the delay is being caused by search heads on either site waiting for results to be returned by indexers on the opposing site. The network team has confirmed that there is limited bandwidth available between the two data centers, which are in different geographic locations. Which of the following would be the least expensive and easiest way to improve search performance?
A customer is using regex to whitelist access logs and secure logs from a web server, but only the access logs are being ingested. Which troubleshooting resource would provide insight into why the secure logs are not being ingested?
A customer with a large distributed environment has blacklisted a large lookup from the search bundle to decrease the bundle size using distsearch.conf. After this change, when running searches utilizing the lookup that was blacklisted, they see error messages in the Splunk Search UI stating the lookup file does not exist. What can the customer do to resolve the issue?
In preparation for the deployment of a new environment for a customer, which of the following mappings are correct per PS best practices? A. B. C. D.
Which of the following statements is true, as it pertains to search head clustering (SHC)?
Where are Splunk Data Model Acceleration (DMA) summaries stored?