A customer has a network device that transmits logs directly with UDP or TCP over SSL. Using PS best practices, which ingestion method should be used?
A) Open a TCP port with SSL on a heavy forwarder to parse and transmit the data to the indexing tier.
B) Open a UDP port on a universal forwarder to parse and transmit the data to the indexing tier.
C) Use a syslog server to aggregate the data to files and use a heavy forwarder to read and transmit the data to the indexing tier.
D) Use a syslog server to aggregate the data to files and use a universal forwarder to read and transmit the data to the indexing tier.
Correct Answer:
Verified