A. Can be used to manipulate the sourcetype per event.
B. Can only be used to mask or truncate raw data.
C. Configured in props.conf and transform.conf.
D. Operates on a REGEX pattern match of the source, sourcetype, or host of an event.
A. Install apps via the Request Install button.
B. Install apps via self-service.
C. Install apps that have not gone through the vetting process.
D. Deploy premium apps.
A. indexes_edit, edit___token, admin_all_objects, delete_by_keyword
B. indexes_edit, fsh_manage, admin_all_objects, can_delete
C. indexes_edit, fsh_manage, acs_conf, list_indexesdiscovery
D. indexes_edit, edit_token_http, admin_all_objects, edit_limits_conf
A. Download from Splunkbase using splunk.com credentials.
B. Download from the email sent to the person listed in the SHIP TO: field when the customer licensed Splunk Cloud.
C. Use the wget URL presented when an sc_admin user logs in for the first time.
D. Download from the Splunk Cloud UI under the Universal Forwarder app.
A. queueSize
B. persistentQueueSize
C. maxQueueSize
D. diskQiioiioiiizo
A. TCP/UDP Feed > Syslog Server with Universal Forwarder > Splunk Cloud
B. TCP/UDP Feed > Heavy Forwarder > Intermediate Forwarder > Splunk Cloud
C. TCP/UDP Feed > Intermediate Forwarder > Heavy Forwarder > Splunk Cloud
D. TCP/UDP Feed > Universal Forwarder > Intermediate Forwarder > Splunk Cloud
A. [host:nyc*]
B. [host::nyc*]
C. [sourcetype::linux_secure]
D. [host=nyc25]