Splunk SPLK-1001 today updated questions - Verified by Splunk Experts

Splunk Core Certified User Questions and Answers

Question 1

All users by default have WRITE permission to ALL knowledge objects.

Options:

True

False

Question 2

Which of the following searches would return only events that match the following criteria?

• Events are inside the main index

• The field status exists in the event

• The value in the status field does not equal 200

Options:

index==main status!==200

index=main NOT status=200

index==main NOT status==200

index-main status!=200

Question 3

Beginning parentheses is automatically highlighted to guide you on the presence of complimenting

parentheses.

Options:

Yes

Question 4

Which component of Splunk let us write SPL query to find the required data?

Options:

Forwarders

Indexer

Heavy Forwarders

Search head

Question 5

What are Splunk alerts based on?

Options:

Dashboards

Searches

Webhooks

Reports

Question 6

Which of the following searches would return events with failure in index netfw or warn or critical in index netops?

Options:

(index=netfw failure) AND index=netops warn OR critical

(index=netfw failure) OR (index=netops (warn OR critical))

(index=netfw failure) AND (index=netops (warn OR critical))

(index=netfw failure) OR index=netops OR (warn OR critical)

Question 7

Which of the following is a Splunk search best practice?

Options:

Filter as early as possible.

Never specify more than one index.

Include as few search terms as possible.

Use wildcards to return more search results.

Question 8

How can another user gain access to a saved report?

Options:

The owner of the report can edit permissions from the Edit dropdown

Only users with an Admin or Power User role can access other users' reports

Anyone can access any reports marked as public within a shared Splunk deployment

The owner of the report must clone the original report and save it to their user account

Question 9

Parsing of data can happen both in HF and UF.

Options:

Yes

Question 10

Which of the following is a metadata field assigned to every event in Splunk?

Options:

host

owner

bytes

action

Question 11

Creating Data Models:

Object ATTRIBUTES do not define ___________.

Options:

a base search for the object

fields for the object

Question 12

Query - status != 100:

Options:

Will return event where status field exist but value of that field is not 100.

Will return event where status field exist but value of that field is not 100 and all events where status field

doesn't exist.

Will get different results depending on data

Question 13

Which of the following statements are correct about Search & Reporting App? (Choose three.)

Options:

Can be accessed by Apps > Search & Reporting.

Provides default interface for searching and analyzing logs.

Enables the user to create knowledge object, reports, alerts and dashboards.

It only gives us search functionality.

Question 14

Every Search in Splunk is also called _____________.

Options:

None of the above

Job

Search Only

Question 15

According to Splunk best practices, which placement of the wildcard results in the most efficient search?

Options:

f*il

*fail

fail*

*fail*

Question 16

This is what Splunk uses to categorize the data that is being indexed.

Options:

sourcetype

index

source

host

Question 17

Which command is used to validate a lookup file?

Options:

| lookup products.csv

inputlookup products.csv

I inputlookup products.csv

| lookup definition products.csv

Question 18

What is the main requirement for creating visualizations using the Splunk UI?

Options:

Your search must transform event data into Excel file format first.

Your search must transform event data into XML formatted data first.

Your search must transform event data into statistical data tables first.

Your search must transform event data into JSON formatted data first.

Question 19

What syntax is used to link key/value pairs in search strings?

Options:

action+purchase

action=purchase

action | purchase

action equal purchase

Question 20

Which search string returns a filed containing the number of matching events and names that field Event Count?

Options:

index=security failure | stats sum as “Event Count”

index=security failure | stats count as “Event Count”

index=security failure | stats count by “Event Count”

index=security failure | stats dc(count) as “Event Count”

Question 21

What is one benefit of creating dashboard panels from reports?

Options:

Any newly created dashboard will include that report.

There are no benefits to creating dashboard panels from reports.

It makes the dashboard more efficient because it only has to run one search string.

Any change to the underlying report will affect every dashboard that utilizes that report.

Question 22

Splunk index time process can be broken down into __________ phases.

Options:

Question 23

Documentations for Splunk can be found at docs.splunk.com

Options:

True

False

Question 24

Which of the following is the most efficient filter for running searches in Splunk?

Options:

Time

Fast mode

Sourcetype

Selected Fields

Question 25

Splunk shows data in __________________.

Options:

ASCII Character order.

Reverse chronological order.

Alphanumeric order.

Chronological order.

Question 26

You can on-board data to Splunk using following means (Choose four.):

Options:

Props

CLI

Splunk Web

savedsearches.conf

Splunk apps and add-ons

indexes.conf

inputs.conf

Question 27

Splunk internal fields contains general information about events and starts from underscore i.e. _ .

Options:

True

False

Question 28

Which statement describes field discovery at search time?

Options:

Splunk automatically discovers only numeric fields

Splunk automatically discovers only alphanumeric fields

Splunk automatically discovers only manually configured fields

Splunk automatically discovers only fields directly related to the search results

Question 29

Which of the following index searches would provide the most efficient search performance?

Options:

index=*

index=web OR index=s*

(index=web OR index=sales)

*index=sales AND index=web*

Question 30

Which is a primary function of the timeline located under the search bar?

Options:

To differentiate between structured and unstructured events in the data

To sort the events returned by the search command in chronological order

To zoom in and zoom out. although this does not change the scale of the chart

To show peaks and/or valleys in the timeline, which can indicate spikes in activity or downtime

Question 31

This is what Splunk uses to categorize the data that is being indexed.

Options:

Host

Sourcetype

Index

Source

Question 32

In the fields sidebar, which character denotes alphanumeric field values?

Options:

Question 33

When looking at a dashboard panel that is based on a report, which of the following is true?

Options:

You can modify the search string in the panel, and you can change and configure the visualization.

You can modify the search string in the panel, but you cannot change and configure the visualization.

You cannot modify the search string in the panel, but you can change and configure the visualization.

You cannot modify the search string in the panel, and you cannot change and configure the visualization.

Question 34

What is the correct way to use a time range specifier in the search bar so that the search looks back 2 hours?

Options:

latest=-2h

earliest=-2h

latest=-2hour@d

earliest=-2hour@d

Question 35

You are able to create new Index in Data Input settings.

Options:

Yes

Question 36

What are the three main Splunk components?

Options:

Search head, GPU, streamer

Search head, indexer, forwarder

Search head, SQL database, forwarder

Search head, SSD, heavy weight agent

Question 37

Splunk Components:

Which of the following are responsible for reducing search results?

Options:

search heads

indexers

forwarders

Question 38

Machine data can be in structured and unstructured format.

Options:

False

True

Question 39

When viewing results of a search job from the Activity menu, which of the following is displayed?

Options:

New events based on the current time range picker

The same events based on the current time range picker

The same events from when the original search was executed

New events in addition to the same events from the original search

Question 40

What is Search Assistant in Splunk?

Options:

It is only available to Admins.

Such feature does not exist in Splunk.

Shows options to complete the search string

Question 41

When an alert action is configured to run a script, Splunk must be able to locate the script. Which is one of the directories Splunk will look in to find the script?

Options:

$SPLUNK_HOME/bin/scripts

$SPLUNK_HOME/etc/scripts

$SPLUNK_HOME/bin/etc/scripts

$SPLUNK_HOME/etc/scripts/bin

Question 42

We should use heavy forwarder for sending event-based data to Indexers.

Options:

False

True

Question 43

When a search returns __________, you can view the results as a list.

Options:

a list of events

transactions

statistical values

Question 44

36. Lookups can be private for a user.

Options:

True

False

Question 45

What determines the scope of data that appears in a scheduled report?

Options:

All data accessible to the User role will appear in the report.

All data accessible to the owner of the report will appear in the report.

All data accessible to all users will appear in the report until the next time the report is run.

The owner of the report can configure permissions so that the report uses either the User role or the owner’s profile at run time.

Question 46

Which Field/Value pair will return only events found in the index named security?

Options:

Index=Security

index=Security

Index=security

index!=Security

Question 47

Which search string only returns events from hostWWW3?

Options:

B. host=WWW3

C. host=WWW*

D. Host=WWW3

Question 48

By default, which of the following fields would be listed in the fields sidebar under interesting Fields?

Options:

host

index

source

sourcetype

Question 49

What type of search can be saved as a report?

Options:

Any search can be saved as a report

Only searches that generate visualizations

Only searches containing a transforming command

Only searches that generate statistics or visualizations

Question 50

At the time of searching the start time is 03:35:08.

Will it look back to 03:00:00 if we use -30m@h in searching?

Options:

Yes

Question 51

You can view the search result in following format (Choose three.):

Options:

Table

Raw

Pie Chart

List

Question 52

Which of the following is an accurate definition of fields within Splunk?

Options:

Inherent entities that exist in event data.

A searchable key/value pair in event data.

Values pulled exclusively from lookup tables.

A non-searchable name/value pair used while indexing data.

Question 53

What result will you get with following search index=test sourcetype="The_Questionnaire_P*" ?

Options:

the_questionnaire _pedia

the_questionnaire pedia

the_questionnaire_pedia

the_questionnaire Pedia

Question 54

Given the following SPL search, how many rows of results would you expect to be returned by default? index=security sourcetype=linux_secure (fail* OR invalid) I top src__ip

Options:

100

Question 55

Fields are searchable key value pairs in your event data.

Options:

True

False

Question 56

What user interface component allows for time selection?

Options:

Time summary

Time range picker

Search time picker

Data source time statistics

Question 57

At index time, in which field does Splunk store the timestamp value?

Options:

time

_time

EventTime

timestamp

Question 58

Matching of parentheses is a feature of Splunk Assistant.

Options:

Yes

Question 59

Field values are case sensitive.

Options:

True

False

Question 60

Select the best options for "search best practices" in Splunk:

(Choose five.)

Options:

Select the time range always.

Try to specify index values.

Include as many search terms as possible.

Never select time range.

Try to use * with every search term.

Inclusion is generally better than exclusion.

Try to keep specific search terms.

Question 61

Which search will return only events containing the word “error” and display the results as a table that includes

the fields named action, src, and dest?

Options:

error | table action, src, dest

error | tabular action, src, dest

error | stats table action, src, dest

error | table column=action column=src column=dest

Question 62

When placed early in a search, which command is most effective at reducing search execution time?

Options:

dedup

rename

sort -

fields +

Question 63

Which component of Splunk is primarily responsible for saving data?

Options:

Search Head

Heavy Forwarder

Indexer

Universal Forwarder

Question 64

Which of the following are not true about lookups? (Select all that apply.)

Options:

Lookups can be time based

Search results can be used to populate a lookup table

Splunk DB Connect can be used to populate a lookup table from relational databases

Output from a script can be used to populate a lookup table

Lookup have a 10mg maximum size limit

Question 65

How does Splunk determine which fields to extract from data?

Options:

Splunk only extracts the most interesting data from the last 24 hours.

Splunk only extracts fields users have manually specified in their data.

Splunk automatically extracts any fields that generate interesting visualizations.

Splunk automatically discovers many fields based on sourcetype and key/value pairs found in the data.

Question 66

@ Symbol can be used in advanced time unit option.

Options:

Yes

Question 67

In the Search and Reporting app, which is a default selected field?

Options:

index

action

_time

host

Question 68

Monitor option in Add Data provides _______________.

Options:

Only continuous monitoring.

Only One-time monitoring.

None of the above.

Both One-time and continuous monitoring

Question 69

Which of the following is a correct way to limit search results to display the 5 most common values of a field?

Options:

| rare top=5

| top rare=5

| top limit=5

| rare limit=5

Question 70

What does the following specified time range do?

earliest=-72h@h latest=@d

Options:

Look back 3 days ago and prior

Look back 72 hours up to one day ago

Look back 72 hours, up to the end of today

Look back from 3 days ago up to the beginning of today

Question 71

What does the stats command do?

Options:

Automatically correlates related fields

Converts field values into numerical values

Calculates statistics on data that matches the search criteria

Analyzes numerical fields for their ability to predict another discrete field

Question 72

How can results from a specified static lookup file be displayed?

Options:

lookup command

inputlookup command

Settings > Lookups > Input

Settings > Lookups > Upload

Question 73

The better way of writing search query for index is:

Options:

index=a index=b

(index=a OR index=b)

index=(a & b)

index = a, b

Load More SPLK-1001 Questions

Winter Special Flat 65% Limited Time Discount offer - Ends in 0d 00h 00m 00s - Coupon code: suredis

Splunk SPLK-1001 Splunk Core Certified User Exam Practice Test

Splunk Core Certified User Questions and Answers

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Options: