SPLK-1001 Exam Questions

When placed early in a search, which command is most effective at reducing search execution time?

In the Splunk interface, the list of alerts can be filtered based on which characteristics?

When displaying results of a search, which of the following is true about line charts?

A collection of items containing things such as data inputs, UI elements, and knowledge objects is known as what?

Which of the following fields is stored with the events in the index?

Which of the following is the recommended way to create multiple dashboards displaying data from the same search?

What must be done in order to use a lookup table in Splunk?

What is a suggested Splunk best practice for naming reports?

Which of the following Splunk components typically resides on the machines where data originates?

What does the following specified time range do? earliest=-72h@h latest=@d

Which of the following is true about user account settings and preferences?

Which of the following are common constraints of the top command?

What is the purpose of using a by clause with the stats command?

Which events will be returned by the following search string? host=www3 status=503

Which of the following searches would return events with failure in index netfw or warn or critical in index netops?

At index time, in which field does Splunk store the timestamp value?

Which statement is true about the top command?

What determines the scope of data that appears in a scheduled report?

What is the main requirement for creating visualizations using the Splunk UI?

How can another user gain access to a saved report?

What is the primary use for the rare command1?

What happens when a field is added to the Selected Fields list in the fields sidebar'?

By default, which of the following is a Selected Field?

According to Splunk best practices, which placement of the wildcard results in the most efficient search?

This function of the stats command allows you to return the sample standard deviation of a field.

Which of the following commands will show the maximum bytes?

This search will return 20 results. SEARCH: error | top host limit = 20

Which of the following searches will show the number of categoryld used by each host?

This clause is used to group the output of a stats command by a specific name.

This function of the stats command allows you to return the middle-most value of field X.

When a search returns __________, you can view the results as a list.

Clicking a SEGMENT on a chart, ________.

Use this command to use lookup fields in a search and see the lookup fields in the field sidebar.

36. Lookups can be private for a user.

In automatic lookup definitions, the _____ fields are those that are not in the event data.

What is the correct order of steps for creating a new lookup? 1. Configure the lookup to run automatically 2. Create the lookup table 3. Define the lookup

The command shown here does witch of the following: Command: |outputlookup products.csv

Which of the following are not true about lookups? (Select all that apply.)

Lookups allow you to overwrite your raw event.

It is mandatory for the lookup file to have this for an automatic lookup to work.

By default, all users have DELETE permission to ALL knowledge objects.

These users can create global knowledge objects. (Select all that apply.)

All users by default have WRITE permission to ALL knowledge objects.

Creating Data Models: Object ATTRIBUTES do not define ___________.

Creating Data Models: Fields associated with a data set are known as ______.

Splunk Components: Which of the following are responsible for reducing search results?

Splunk Components: Which of the following are responsible for parsing incoming data and storing data on disc?

This is what Splunk uses to categorize the data that is being indexed.

This is what Splunk uses to categorize the data that is being indexed.

It is no possible for a single instance of Splunk to manage the input, parsing and indexing of machine data.