SPLK-1001 Exam Questions

When a Splunk search generates calculated data that appears in the Statistics tab. in what formats can the results be exported?

Which of the following are functions of the stats command?

In a deployment with multiple indexes, what will happen when a search is run and an index is not specified in the search string?

Which search matches the events containing the terms "error" and "fail"?

Which of the following is an option after clicking an item in search results?

Can you stop or pause the searching?

You can also specify a time range in the search bar. You can use the following for beginning and ending for a time range (Choose two.):

Which all time unit abbreviations can you include in Advanced time range picker? (Choose seven.)

Interesting fields are the fields that have at least 20% of resulting fields.

How to make Interesting field into a selected field?

Field names are case sensitive and field value are not.

!= and NOT are same arguments.

Select the answer that displays the accurate placing of the pipe in the following search string: index=security sourcetype=access_* status=200 stats count by price

What does the stats command do?

Which is a primary function of the timeline located under the search bar?

Which statement is true about Splunk alerts?

What can be configured using the Edit Job Settings menu?

Which command is used to validate a lookup file?

Which stats command function provides a count of how many unique values exist for a given field in the result set?

What user interface component allows for time selection?

When an alert action is configured to run a script, Splunk must be able to locate the script. Which is one of the directories Splunk will look in to find the script?

When editing a dashboard, which of the following are possible options? (select all that apply)

Which of the following index searches would provide the most efficient search performance?

Which of the following is the most efficient search?

Which of the following is a correct way to limit search results to display the 5 most common values of a field?

When viewing results of a search job from the Activity menu, which of the following is displayed?

What is a quick, comprehensive way to learn what data is present in a Splunk deployment?

Assuming a user has the capability to edit reports, which of the following are editable?

Which of the following is a metadata field assigned to every event in Splunk?

What are the two most efficient search filters?

Which of the following is the best way to create a report that shows the last 24 hours of events?

When is the pipe character, I, used in search strings?

Which command automatically returns percent and count columns when executing searches?

Which of the following describes lookup files?

When running searches command modifiers in the search string are displayed in what color?

How do you add or remove fields from search results?

What are the steps to schedule a report?

By default, how long does Splunk retain a search job?

Which Boolean operator is implied between search terms, unless otherwise specified?

What is a primary function of a scheduled report?

When sorting on multiple fields with the sort command, what delimiter can be used between the field names in the search?

Which search string is the most efficient?

Which search string matches only events with the status_code of 4:4?