Splunk Updated SPLK-2001 Exam Questions and Answers by hiba

 The correct answer is A and B, because for a KV Store, a lookup stanza in the transforms.conf file must contain the collection and fields_list attributes. A lookup stanza is a configuration section in the transforms.conf file that defines the properties of a lookup, such as the lookup type, the lookup file or collection, the input and output fields, and the match type. A lookup is a feature that allows Splunk to enrich the events with additional data from an external source, such as a CSV file or a KV Store collection. For a KV Store lookup, the lookup stanza must have the collection attribute, which specifies the name of the KV Store collection to use, and the fields_list attribute, which specifies the fields to return from the KV Store collection2. The external_type and internal_type attributes are not required for a KV Store lookup, but for a scripted lookup, which is a type of lookup that uses an external script to perform the lookup operation.

 The correct answer is A and B because these are the ways to get a list of search jobs. Option A is correct because you can access the Activity > Jobs page in Splunk Web to see the list of search jobs that you have run or that are shared with you. Option B is correct because you can use Splunk REST to query the /services/search/jobs endpoint to get a list of search jobs. Option C is incorrect because the /services/saved/searches endpoint returns a list of saved searches, not search jobs. Option D is incorrect because the /services/search/sid/results endpoint returns the results of a specific search job, not a list of search jobs. You can find more information about search jobs and their endpoints in the Splunk REST API Reference Manual.

 The correct answer is D, because ensuring components have no Common Vulnerabilities and Exposures (CVE) vulnerabilities is a security best practice for developing Splunk apps. CVE is a list of publicly disclosed information security vulnerabilities and exposures1. Splunk recommends using tools such as npm audit, retire.js, and snyk to scan your app components for CVE vulnerabilities2.

The requirements for arguments sent to the data/indexes endpoint are to specify the datatype and include the name argument. The datatype argument specifies the type of data that is being indexed, such as event, metric, or http. The name argument specifies the name of the index that is being created or updated. The other arguments are either optional or invalid. For more information, see Create an index.