ExamTopics Logo
Mail Us[email protected]
Menu
Splunk Discussions
exam questions

Exam SPLK-1003 All Questions

View all questions & answers for the SPLK-1003 exam
Go to Exam

Exam SPLK-1003 topic 1 question 50 discussion

Actual exam question from Splunk's SPLK-1003
Question #: 50
Topic #: 1
[All SPLK-1003 Questions]

Which of the following indexes come pre-configured with Splunk Enterprise? (Choose all that apply.)

  • A. _licence
  • B. _internal
  • C. _external
  • D. _thefishbucket
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by jgab at Nov. 3, 2020, 2:28 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
ChantreyC
Highly Voted 4 years, 1 month ago
B & D - pg 95 SysAdmin pdf
upvoted 8 times
...
Sandy_1988
Highly Voted 4 years, 1 month ago
BD are the options
upvoted 6 times
...
3bd8ac0
Most Recent 1 week, 5 days ago
Selected Answer: B
B&D are correct as per the System Admin official Course: Preconfigured Indexes list: Index name Purpose _internal To index Splunk’s own logs and metrics _audit To store Splunk audit trails and other optional auditing information _introspection To track system performance, Splunk resource usage data, and provide Monitoring Console (MC) with performance data _thefishbucket To contain checkpoint information for file monitoring inputs summary Default index for summary indexing system main Default index for inputs; located in the defaultdb directory
upvoted 1 times
...
3bd8ac0
2 weeks, 4 days ago
Selected Answer: D
B&D, System admin course, page 171. Preconfigured Indexes: _internal To index Splunk’s own logs and metrics _audit To store Splunk audit trails and other optional auditing information _introspection To track system performance, Splunk resource usage data, and provide Monitoring Console (MC) with performance data _thefishbucket To contain checkpoint information for file monitoring inputs summary Default index for summary indexing system main Default index for inputs; located in the defaultdb directory
upvoted 1 times
...
MonicaKarim
1 month ago
Selected Answer: B
B&D choose all that apply
upvoted 1 times
...
65aab2c
4 months, 1 week ago
Index name Purpose _internal To index Splunk’s own logs and metrics _audit To store Splunk audit trails and other optional auditing information _introspection To track system performance, Splunk resource usage data, and provide Monitoring Console (MC) with performance data _thefishbucket To contain checkpoint information for file monitoring inputs summary Default index for summary indexing system main Default index for inputs; located in the defaultdb directory
upvoted 2 times
...
samsam5136431
7 months, 2 weeks ago
Selected Answer: D
B and D
upvoted 1 times
...
allahsal
11 months, 4 weeks ago
Selected Answer: B
B and D
upvoted 2 times
...
HNaka
1 year ago
Selected Answer: D
B and D _internal To index Splunk’s own logs and metrics _audit To store Splunk audit trails and other optional auditing information _introspection To track system performance, Splunk resource usage data, and provide Monitoring Console (MC) with performance data _thefishbucket To contain checkpoint information for file monitoring inputs summary Default index for summary indexing system main Default index for inputs; located in the defaultdb directory
upvoted 1 times
...
adamsca
1 year, 10 months ago
B & D are correct
upvoted 1 times
...
oswaldek
2 years, 2 months ago
Selected Answer: B
_thefishbucket looks decommitted https://community.splunk.com/t5/Splunk-Search/How-do-I-activate-quot-thefishbucket-quot-index/m-p/410263
upvoted 2 times
...
Steve2610
2 years, 6 months ago
Selected Answer: B
B and D System Admin Slide 105
upvoted 3 times
...
huu_nguyen
3 years ago
B and D are my final answers
upvoted 5 times
...
Apis
3 years, 1 month ago
Selected Answer: B
B & D are correct
upvoted 4 times
...
lilsem
3 years, 5 months ago
B, D are the correct answer. After installing Splunk 8.2 on my local machine I checked the default indexes.conf, and there is the fishbucket index configured.
upvoted 3 times
ucsdmiami2020
3 years, 4 months ago
Agreed B and D. Quoting the Splunk Reference URL https://www.splunk.com/en_us/blog/tips-and-tricks/what-is-this-fishbucket-thing.html "t’s time for a little Indexing 101. If you look in the directory where your Splunk datastore resides (default location /opt/splunk/var/lib/splunk) you will find a directory called fishbucket. This index is not really intended for normal humans to investigate, more just Splunk engineers trying to decipher file input issues. It contains seek pointers and CRCs for the files you are indexing, so splunkd can tell if it has read them already. To see what’s there, try searching for “index=_thefishbucket”. Events look something like this:"
upvoted 1 times
...
...
furiousjase
3 years, 5 months ago
I believe the only answer is B. The other preconfigured indexes are: main: The default Splunk Enterprise index. All processed external data is stored here unless otherwise specified. _internal: This index includes Splunk Enterprise internal logs. _metrics: This index contains Splunk Enterprise internal data, stored in the form of metric data points. _audit: Events from the file system change monitor, auditing, and all user search history. _introspection: This index provides data about the Splunk Enterprise instance and environment . https://docs.splunk.com/Documentation/Splunk/8.2.2/Indexer/Aboutmanagingindexes
upvoted 2 times
SasnycoN
3 years, 2 months ago
_thefishbucket is also preconfigured. Just checked on my installation. Can confirm B and D
upvoted 1 times
...
...
rodrigok
3 years, 10 months ago
B & D sounds better
upvoted 4 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago