The data in Splunk is now subject to auditing and compliance controls. A customer would like to ensure that at least one year of logs are retained for both Windows and Firewall events. What data retention controls must be configured?
What happens when an index cluster peer freezes a bucket?
A customer has the following Splunk instances within their environment: An indexer cluster consisting of a cluster master/master node and five clustered indexers, two search heads (no search head clustering), a deployment server, and a license master. The deployment server and license master are running on their own single-purpose instances. The customer would like to start using the Monitoring Console (MC) to monitor the whole environment. On the MC instance, which instances will need to be configured as distributed search peers by specifying them via the UI using the settings menu?
What does Splunk do when it indexes events?
What is the default push mode for a search head cluster deployer app configuration bundle?
How does Monitoring Console (MC) initially identify the server role(s) of a new Splunk Instance?