SPLK-1001 Exam Questions

It is not possible for a single instance of Splunk to manage the input, parsing and indexing of machine.

By default search results are not returned in ________ order.

The stats command will create a _____________ by default.

Which is not a comparison operator in Splunk

Which search string only returns events from hostWWW3?

What must be done before an automatic lookup can be created? (select all that apply)

When writing searches in Splunk, which of the following is true about Booleans?

Which of the following constraints can be used with the top command?

Which of the following represents the Splunk recommended naming convention for dashboards?

How can search results be kept longer than 7 days?

Which of the following is a Splunk search best practice?

How are events displayed after a search is executed?

After running a search, what effect does clicking and dragging across the timeline have?

Which command is used to review the contents of a specified static lookup file?

Which time range picker configuration would return real-time events for the past 30 seconds?

What is one benefit of creating dashboard panels from reports?

Which of the following statements about case sensitivity is true?

What does the rare command do?

Which Boolean operator is always implied between two search terms, unless otherwise specified?

What does the values function of the stats command do?

A field exists in search results, but isn't being displayed in the fields sidebar. How can it be added to the fields sidebar?

In the fields sidebar, which character denotes alphanumeric field values?

Which of the following searches will return results where fail, 400, and error exist in every event?

Which of the following is the most efficient filter for running searches in Splunk?

How does Splunk determine which fields to extract from data?

Which of the following file types is an option for exporting Splunk search results?

Which search string returns a filed containing the number of matching events and names that field Event Count?

Which search would return events from the access_combined sourcetype?

When looking at a statistics table, what is one way to drill down to see the underlying events?

In the fields sidebar, what indicates that a field is numeric?

What is the primary use for the rare command?

_______________ transforms raw data into events and distributes the results into an index.

Documentations for Splunk can be found at docs.splunk.com

Which component of Splunk is primarily responsible for saving data?

Universal forwarder is recommended for forwarding the logs to indexers.

Splunk apps are used for following (Choose three.):

Three basic components of Splunk are (Choose three.):

What is Splunk?

We should use heavy forwarder for sending event-based data to Indexers.

Splunk Enterprise is used as a Scalable service in Splunk Cloud.

Which component of Splunk let us write SPL query to find the required data?

All components are installed and administered in Splunk Enterprise on-premise.

Log filtering/parsing can be done from _____________.

Which is the default app for Splunk Enterprise?

What kind of logs can Splunk Index?

Splunk shows data in __________________.

Which of the following can be used as wildcard search in Splunk?

What result will you get with following search index=test sourcetype="The_Questionnaire_P*" ?

Prefix wildcards might cause performance issues.

Machine data can be in structured and unstructured format.