ExamTopics Logo
Mail Us[email protected]
Menu
Splunk Discussions
exam questions

Exam SPLK-1003 All Questions

View all questions & answers for the SPLK-1003 exam
Go to Exam

Exam SPLK-1003 topic 1 question 65 discussion

Actual exam question from Splunk's SPLK-1003
Question #: 65
Topic #: 1
[All SPLK-1003 Questions]

Which is a valid stanza for a network input?

  • A. [udp://172.16.10.1:9997] connection = dns sourcetype = dns
  • B. [any://172.16.10.1:10001] connection_host = ip sourcetype = web
  • C. [tcp://172.16.10.1:9997] connection_host = web sourcetype = web
  • D. [tcp://172.16.10.1:10001] connection_host = dns sourcetype = dns
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by roblaw at Nov. 12, 2020, 7:04 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
roblaw
Highly Voted 3 years, 1 month ago
D. connection_host attributes: dns (TCP), ip (UDP), none (UI)
upvoted 19 times
Hamiltonian
2 years, 5 months ago
Confirmation in inputs.conf under TCP: connection_host = [ip|dns|none]. Thus, web does not exist as an option and must be answer D.
upvoted 4 times
...
...
bobixaka
Most Recent 1 month, 3 weeks ago
Selected Answer: D
D is the correct answer
upvoted 1 times
...
Marco63
1 year, 8 months ago
Selected Answer: D
connection_host = web is not supported attribute value, instead connection_host=dns (answer D) is correct.
upvoted 3 times
...
Apis
1 year, 12 months ago
Selected Answer: D
D is correct
upvoted 1 times
...
Salman23
2 years, 3 months ago
D is correct.... Option C is incorrect because web is not valid for connection_host, Data admin page 142
upvoted 2 times
...
DeltaPotato
2 years, 4 months ago
D - page 142 in Data Admin pdf for options/examples.
upvoted 2 times
...
ckmunich
2 years, 4 months ago
C is right! Port 9997 on TCP is in Splunk the standard port for communication between the forwarders and indexers Port 10001 is a non standard configuration
upvoted 1 times
...
AngusBlack
2 years, 6 months ago
D is correct. Although in theory you could use 9997 when I tried to configure it Splunk said it was not available.
upvoted 2 times
...
sargeholik
2 years, 9 months ago
C. PORT 9997 TCP Splunk port for communication between the forwarders and indexers
upvoted 4 times
...
hwangho
3 years ago
Answer: D https://docs.splunk.com/Documentation/Splunk/8.1.1/Data/Monitornetworkports
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago