When looking at a dashboard panel that is based on a report, which of the following is true?

You cannot modify the search string in the panel, but you can change and configure the visualization.

You can modify the search string in the panel, and you can change and configure the visualization.

You can modify the search string in the panel, but you cannot change and configure the visualization.

You cannot modify the search string in the panel, but you can change and configure the visualization.

You cannot modify the search string in the panel, and you cannot change and configure the visualization.

Which of the following is a best practice when writing a search string?

Include the search terms at the beginning of the search string

Include all formatting commands before any search terms

Include at least one function as this is a search requirement

Include the search terms at the beginning of the search string

Avoid using formatting clauses as they add too much overhead

What type of search can be saved as a report?

Only searches that generate statistics or visualizations

Any search can be saved as a report

Only searches that generate visualizations

Only searches containing a transforming command

Only searches that generate statistics or visualizations

When viewing the results of a search, what is an Interesting Field?

A field that appears in at least 20% of the events

A field that appears in any event

A field that appears in every event

A field that appears in the top 10 events

A field that appears in at least 20% of the events

What syntax is used to link key/value pairs in search strings?

Relational operators such as =, <, or >

In a deployment with multiple indexes, what will happen when a search is run and an index is not specified in the search string?

Events from every index searched by default to which the user has access will be returned.

Splunk will prompt you to specify an index.

All non-indexed events to which the user has access will be returned.

Events from every index searched by default to which the user has access will be returned.

Which search matches the events containing the terms "error" and "fail"?

index=security NOT error NOT fail

Which of the following is an option after clicking an item in search results?

Saving the search to a JSON file.

In the Splunk interface, the list of alerts can be filtered based on which characteristics?

App, Time Window, Type, and Severity

App, Owner, Priority, and Status

App, Dashboard, Severity, and Type

App, Time Window, Type, and Severity

When displaying results of a search, which of the following is true about line charts?

Line charts are optimal for multiple series with 3 or more columns.

Line charts are optimal for single and multiple series.

Line charts are optimal for single series when using Fast mode.

Line charts are optimal for multiple series with 3 or more columns.

Line charts are optimal for multiseries searches with at least 2 or more columns.

Which of the following is the recommended way to create multiple dashboards displaying data from the same search?

Save the search as a report and use it in multiple dashboards as needed

Save the search as a dashboard panel for each dashboard that needs the data

Save the search as a scheduled alert and use it in multiple dashboards as needed

Export the results of the search to an XML file and use the file as the basis of the dashboards

What must be done in order to use a lookup table in Splunk?

The lookup file must be uploaded to Splunk and a lookup definition must be created.

The lookup must be configured to run automatically.

The contents of the lookup file must be copied and pasted into the search bar.

The lookup file must be uploaded to Splunk and a lookup definition must be created.

The lookup file must be uploaded to the etc/apps/lookups folder for automatic ingestion.

What is a suggested Splunk best practice for naming reports?

Use a consistent naming convention so they are easily separated by characteristics such as group and object.

Reports are best named using many numbers so they can be more easily sorted.

Use a consistent naming convention so they are easily separated by characteristics such as group and object.

Name reports as uniquely as possible with no overlap to differentiate them from one another.

Any naming convention is fine as long as you keep an external spreadsheet to keep track.

What does the following specified time range do? earliest=-72h@h latest=@d

Look back from 3 days ago up to the beginning of today

Look back 72 hours up to one day ago

Look back 72 hours, up to the end of today

Look back from 3 days ago up to the beginning of today

Which of the following is true about user account settings and preferences?

Full name, time zone, and default app can be defined by clicking the login name in the Splunk bar.

Search & Reporting is the only app that can be set as the default application.

Full names can only be changed by accounts with a Power User or Admin role.

Time zones are automatically updated based on the setting of the computer accessing Splunk.

Full name, time zone, and default app can be defined by clicking the login name in the Splunk bar.

What is the purpose of using a by clause with the stats command?

To group the results by one or more fields.

To compute numerical statistics on each field.

To specify how the values in a list are delimited.

To partition the input data based on the split-by fields.

Which events will be returned by the following search string? host=www3 status=503

All events with a host of www3 that also have a status of 503

All events that either have a host of www3 or a status of 503.

All events with a host of www3 that also have a status of 503

We need more information: we cannot tell without knowing the time range

We need more information a search cannot be run without specifying an index

Which of the following searches would return events with failure in index netfw or warn or critical in index netops?

(index=netfw failure) OR (index=netops (warn OR critical))

(index=netfw failure) AND index=netops warn OR critical

(index=netfw failure) OR (index=netops (warn OR critical))

(index=netfw failure) AND (index=netops (warn OR critical))

(index=netfw failure) OR index=netops OR (warn OR critical)

Select the answer that displays the accurate placing of the pipe in the following search string: index=security sourcetype=access_* status=200 stats count by price

index=security sourcetype=access_* status=200 | stats count by price

index=security sourcetype=access_* status=200 stats | count by price

index=security sourcetype=access_* status=200 | stats count by price

index=security sourcetype=access_* status=200 | stats count | by price

index=security sourcetype=access_* | status=200 | stats count by price

What does the stats command do?

Calculates statistics on data that matches the search criteria

Automatically correlates related fields

Converts field values into numerical values

Calculates statistics on data that matches the search criteria

Analyzes numerical fields for their ability to predict another discrete field

Which is a primary function of the timeline located under the search bar?

To show peaks and/or valleys in the timeline, which can indicate spikes in activity or downtime

To differentiate between structured and unstructured events in the data

To sort the events returned by the search command in chronological order

To zoom in and zoom out. although this does not change the scale of the chart

To show peaks and/or valleys in the timeline, which can indicate spikes in activity or downtime

Which statement is true about Splunk alerts?

Alerts are based on searches that are either run on a scheduled interval or in real-time.

Alerts are based on searches and when triggered will only send an email notification.

Alerts are based on searches and require cron to run on scheduled interval.

Alerts are based on searches that are run exclusively as real-time.

What can be configured using the Edit Job Settings menu?

Change Job Lifetime from 10 minutes to 7 days.

Export the results to CSV format

Add the Job results to a dashboard

Schedule the Job to re-run in 10 minutes

Change Job Lifetime from 10 minutes to 7 days.

Which command is used to validate a lookup file?

| lookup definition products.csv

When editing a dashboard, which of the following are possible options? (select all that apply)

Drag a dashboard panel to a different location on the dashboard.

Modify the chart type displayed in a dashboard panel.

Drag a dashboard panel to a different location on the dashboard.

Splunk SPLK-1001 Practice Test 1 - Free Online Exam Prep & Questions

Question 1 / 40

What is the correct syntax to count the number of events containing a vendor_action field?

count stats vendor_action

count stats (vendor_action)

stats count (vendor_action)

stats vendor_action (count)

Comment (0)

Splunk SPLK-1001 Practice Test 1

Question

Splunk SPLK-1001 Practice Tests

Practice Tests