What is a suggested Splunk best practice for naming reports?
A. Reports are best named using many numbers so they can be more easily sorted.
B. Use a consistent naming convention so they are easily separated by characteristics such as group and object.
C. Name reports as uniquely as possible with no overlap to differentiate them from one another.
D. Any naming convention is fine as long as you keep an external spreadsheet to keep track.
What is the purpose of using a by clause with the stats command?
A. To group the results by one or more fields.
B. To compute numerical statistics on each field.
C. To specify how the values in a list are delimited.
D. To partition the input data based on the split-by fields.
What can be configured using the Edit Job Settings menu?
A. Export the results to CSV format
B. Add the Job results to a dashboard
C. Schedule the Job to re-run in 10 minutes
D. Change Job Lifetime from 10 minutes to 7 days.
Which of the following describes lookup files?
A. Lookup fields cannot be used in searches
B. Lookups contain static data available in the index
C. Lookups add more fields to results returned by a search
D. Lookups pull data at index time and add them to search results
When running searches, command modifiers in the search string are displayed in what color?
A. Red
B. Blue
C. Orange
D. Highlighted
This search will return 20 results. SEARCH: error | top host limit = 20
A. True
B. False
When writing searches in Splunk, which of the following is true about Booleans?
A. They must be lowercase.
B. They must be uppercase.
C. They must be in quotations.
D. They must be in parentheses.
Which command is used to review the contents of a specified static lookup file?
A. lookup
B. csvlookup
C. inputlookup
D. outputlookup
When looking at a statistics table, what is one way to drill down to see the underlying events?
A. Creating a pivot table.
B. Clicking on the visualizations tab.
C. Viewing your report in a dashboard.
D. Clicking on any field value in the table.
Data sources being opened and read applies to:
A. None of the above
B. Indexing Phase
C. Parsing Phase
D. Input Phase
E. License Metering
The better way of writing a search query for an index is:
A. index=a index=b
B. (index=a OR index=b)
C. index=(a and b)
D. index = a, b
When viewing results of a search job from the Activity menu, which of the following is displayed?
A. New events based on the current time range picker
B. The same events based on the current time range picker
C. The same events from when the original search was executed
D. New events in addition to the same events from the original search
What is a quick, comprehensive way to learn what data is present in a Splunk deployment?
A. Review Splunk reports
B. Run ./splunk show
C. Click Data Summary in Splunk Web
D. Search index=* sourcetype=* host=*
How can results from a specified static lookup file be displayed?
A. lookup command
B. inputlookup command
C. Settings > Lookups > Input
D. Settings > Lookups > Upload