SPLK-1001 Exam Questions

Field names are case sensitive.

Splunk internal fields contains general information about events and starts from underscore i.e. _ .

How many main user roles do you have in Splunk?

Which of the following are Splunk premium enhanced solutions? (Choose three.)

Fields are searchable name and value pairings that differentiates one event from another.

Splunk extracts fields from event data at index time and at search time.

Field values are case sensitive.

Splunk indexes the data on the basis of timestamps.

______________ is the default web port used by Splunk.

Which of the following statements are correct about Search & Reporting App? (Choose three.)

Parsing of data can happen both in HF and Indexer.

Monitor option in Add Data provides _______________.

Forward Option gather and forward data to indexers over a receiving port from remote machines.

You can on-board data to Splunk using following means (Choose four.):

Data sources being opened and read applies to:

Select the correct option that applies to Index time processing (Choose three.).

Splunk automatically determines the source type for major data types.

Parsing of data can happen both in HF and UF.

Splunk index time process can be broken down into __________ phases.

In monitor option you can select the following options in GUI.

Uploading local files though Upload options index the file only once.

Where does Licensing meter happen?

Matching search terms are highlighted.

Beginning parentheses is automatically highlighted to guide you on the presence of complimenting parentheses.

Zoom Out and Zoom to Selection re-executes the search.

Every Search in Splunk is also called _____________.

Matching of parentheses is a feature of Splunk Assistant.

Search Assistant is enabled by default in the SPL editor with compact settings.

What is Search Assistant in Splunk?

@ Symbol can be used in advanced time unit option.

The new data uploaded in Splunk are shown in ________________.

You can use the following options to specify start and end time for the query range:

The default host name used in Inputs general settings can not be changed.

Events in Splunk are automatically segregated using data and time.

You are able to create new Index in Data Input settings.

Splunk Parses data into individual events, extracts time, and assigns metadata.

Which of the statements is correct regarding click and drag option in timeline?

Which symbol is used to snap the time?

Which of the statements are correct? (Choose three.)

There are three different search modes in Splunk (Choose three.):

Select the statements that are true for timeline in Splunk (Choose four.):

Keywords are highlighted when you mouse over search results and you can click this search result to (Choose three.):

You can view the search result in following format (Choose three.):

Snapping rounds down to the nearest specified unit.

Data summary button just below the search bar gives you the following (Choose three.):

What options do you get after selecting timeline? (Choose four.)

At the time of searching the start time is 03:35:08. Will it look back to 03:00:00 if we use -30m@h in searching?

Query - status != 100:

NOT status = 100:

Will the queries following below get the same result? 1. index=log sourcetype=error_log status !=100 2. index=log sourcetype=error_log NOT status =100