Splunk Updated SPLK-1003 Exam Questions and Answers by maximillian

Begin generating internal Splunk logs. Immediately after installation, a Universal Forwarder will start generating internal Splunk logs that contain information about its own operation, such as startup and shutdown events, configuration changes, data ingestion, and forwarding activities1. These logs are stored in the $SPLUNK_HOME/var/log/splunk directory on the Universal Forwarder machine2.

https://docs.splunk.com/Documentation/Splunk/8.0.5/Deploy/Datapipeline

"In the input segment, Splunk software consumes data. It acquires the raw data stream from its source, breaks in into 64K blocks, and annotates each block with some metadata keys."

Splunk REST API is a valid method to create a Splunk user. The Splunk REST API allows administrators to create, edit, and delete users programmatically using HTTP requests. The other options are not valid methods to create a Splunk user. Creating a support ticket does not create a user, but requests assistance from Splunk support. Creating a user on the host operating system does not create a Splunk user, but a system user. Adding the username to users.conf does not create a user, but modifies the configuration file that stores user information. References = Configure users with the CLI, Configure users and roles