Splunk Enterprise Security Certified Analyst — Question 26

A new search head cluster is being implemented. Which is the correct command to initialize the deployer node without restarting the search head cluster peers?

Answer options

• A. $SPLUNK_HOME/bin/splunk apply shcluster-bundle
• B. $SPLUNK_HOME/bin/splunk apply cluster-bundle
• C. $SPLUNK_HOME/bin/splunk apply shcluster-bundle ""action stage
• D. $SPLUNK_HOME/bin/splunk apply cluster-bundle ""action stage

Correct answer: C

Explanation

The correct command is C, as it specifically initializes the deployer node for the search head cluster without affecting the peers. Option A is incorrect because it applies the bundle but does not include the necessary action to stage it. Options B and D refer to cluster-bundle commands, which are not applicable to search head clusters.