A customer wants to migrate from using Splunk local accounts to use Active Directory with LDAP for their Splunk user accounts instead. Which configuration files must be modified to connect to an Active Directory LDAP provider?
A customer has a number of inefficient regex replacement transforms being applied. When under heavy load, the indexers are struggling to maintain the expected indexing rate. In a worst-case scenario, which queue(s) would be expected to fill up?
A new single-site three indexer cluster is being stood up with replication_factor:2, search_factor:2. At which step would the Indexer Cluster be classed as 'Indexing Ready' and be able to ingest new data?
Step 1: Install and configure Cluster Master (CM)/Master Node with base clustering stanza settings, restarting CM.
Step 2: Configure a base app in etc/master-apps on the CM to enable a splunktcp input on port 9997 and deploy index creation configurations.
Step 3: Install and configure Indexer 1 so that once restarted, it contacts the CM, downloads the latest config bundle.
Step 4: Indexer 1 restarts and has successfully joined the cluster.
Step 5: Install and configure Indexer 2 so that once restarted, it contacts the CM, downloads the latest config bundle.
Step 6: Indexer 2 restarts and has successfully joined the cluster.
Step 7: Install and configure Indexer 3 so that once restarted, it contacts the CM, downloads the latest config bundle.
Step 8: Indexer 3 restarts and has successfully joined the cluster.
A new search head cluster is being implemented. Which is the correct command to initialize the deployer node without restarting the search head cluster peers?
What is required to set up the HTTP Event Collector (HEC)?
In the diagrammed environment shown below, the customer would like the data read by the universal forwarders to set an indexed field containing the UF's host name. Where would the parsing configurations need to be installed for this to work?