Splunk Exam SPLK-2003 Topic 1 Question 28 Discussion

Actual exam question for Splunk's SPLK-2003 exam

Question #: 28
Topic #: 1

[All SPLK-2003 Questions]

When configuring a Splunk asset for Phantom to connect to a SplunkC loud instance, the user discovers that they need to be able to run two different on_poll searches. How is this possible

AEnter the two queries in the asset as comma separated values.

BConfigure the second query in the Phantom app for Splunk.

CInstall a second Splunk app and configure the query in the second app.

DConfigure a second Splunk asset with the second query.

Show Suggested Answer

Suggested Answer: B

by Jerry at Aug 28, 2023, 02:49 PM

Limited Time Offer

25%

Off

Get Premium SPLK-2003 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Filiberto

2 days ago

I think option D) Configure a second Splunk asset with the second query makes more sense, as it keeps things separate and organized.

upvoted 0 times

...

Johnson

4 days ago

I disagree, I believe the correct answer is B) Configure the second query in the Phantom app for Splunk.

upvoted 0 times

...

I'm not sure why you'd want to run two different on_poll searches, but if that's what's required, then Option D is the best choice. Trying to cram everything into one asset just seems like a recipe for disaster.

upvoted 0 times

...

Lynelle

8 days ago

I think the answer is A) Enter the two queries in the asset as comma separated values.

upvoted 0 times

...

Beckie

9 days ago

Option D seems like the way to go. You need to configure a second Splunk asset to run the second on_poll search. Keeping things organized and separated is key in these situations.

upvoted 0 times

...

Splunk Exam SPLK-2003 Topic 1 Question 28 Discussion

Contribute your Thoughts:

Filiberto

Johnson

Theron

Lynelle

Beckie