A customer has implemented their own Role Based Access Control (RBAC) model to attempt to give the Security team different data access than the Operations team by creating two new Splunk roles "" security and operations. In the srchIndexesAllowed setting of authorize.conf, they specified the network index under the security role and the operations index under the operations role. The new roles are set up to inherit the default user role.If a new user is created and assigned to the operations role only, which indexes will the user have access to search?
A customer would like Splunk to delete files after they've been ingested. The Universal Forwarder has read/write access to the directory structure. Which input type would be most appropriate to use in order to ensure files are ingested and then deleted afterwards?
In which directory should base config app(s) be placed to initialize an indexer?
As a best practice which of the following should be used to ingest data on clustered indexers?
When adding a new search head to a search head cluster (SHC), which of the following scenarios occurs?
How does Monitoring Console (MC) initially identify the server role(s) of a new Splunk Instance?
