Splunk SPLK-1001 Practice Test - Questions Answers, Page 10
Question list
Related questions
Which search string only returns events from hostWWW3?
A.
B. host=WWW3
B.
C. host=WWW*
C.
D. Host=WWW3
What must be done before an automatic lookup can be created? (select all that apply)
A.
The lookup command must be used.
B.
The lookup definition must be created.
C.
The lookup file must be uploaded to Splunk.
D.
The lookup file must be verified using the inputlookup command.
When writing searches in Splunk, which of the following is true about Booleans?
A.
They must be lowercase.
B.
They must be uppercase.
C.
They must be in quotations.
D.
They must be in parentheses.
Which of the following constraints can be used with the top command?
A.
limit
B.
useperc
C.
addtotals
D.
fieldcount
Which of the following represents the Splunk recommended naming convention for dashboards?
A.
Description_Group_Object
B.
Group_Description_Object
C.
Group_Object_Description
D.
Object_Group_Description
How can search results be kept longer than 7 days?
A.
By scheduling a report.
B.
By creating a link to the job.
C.
By changing the job settings.
D.
By changing the time range picker to more than 7 days.
Which of the following is a Splunk search best practice?
A.
Filter as early as possible.
B.
Never specify more than one index.
C.
Include as few search terms as possible.
D.
Use wildcards to return more search results.
How are events displayed after a search is executed?
A.
In chronological order.
B.
Randomly by default.
C.
In reverse chronological order.
D.
Alphabetically according to field name.
After running a search, what effect does clicking and dragging across the timeline have?
A.
Executes a new search.
B.
Filters current search results.
C.
Moves to past or future events.
D.
Expands the time range of the search.
Which command is used to review the contents of a specified static lookup file?
A.
lookup
B.
csvlookup
C.
inputlookup
D.
outputlookup
Question