ExamGecko
Login
Home / Splunk / SPLK-1001 / List of questions
Ask Question

Splunk SPLK-1001 Practice Test - Questions Answers, Page 10

List of questions

Question 91

Report Export Collapse

Which search string only returns events from hostWWW3?

B. host=WWW3
B. host=WWW3
C. host=WWW*
C. host=WWW*
D. Host=WWW3
D. Host=WWW3
Suggested answer: B
asked 23/09/2024
FB Kalaidji
43 questions

Question 92

Report Export Collapse

What must be done before an automatic lookup can be created? (select all that apply)

The lookup command must be used.
The lookup command must be used.
The lookup definition must be created.
The lookup definition must be created.
The lookup file must be uploaded to Splunk.
The lookup file must be uploaded to Splunk.
The lookup file must be verified using the inputlookup command.
The lookup file must be verified using the inputlookup command.
Suggested answer: B
asked 23/09/2024
Luigi Trigilio
46 questions

Question 93

Report Export Collapse

When writing searches in Splunk, which of the following is true about Booleans?

They must be lowercase.
They must be lowercase.
They must be uppercase.
They must be uppercase.
They must be in quotations.
They must be in quotations.
They must be in parentheses.
They must be in parentheses.
Suggested answer: B
asked 23/09/2024
P B
43 questions

Question 94

Report Export Collapse

Which of the following constraints can be used with the top command?

limit
limit
useperc
useperc
addtotals
addtotals
fieldcount
fieldcount
Suggested answer: A
asked 23/09/2024
Himal Rai
46 questions

Question 95

Report Export Collapse

Which of the following represents the Splunk recommended naming convention for dashboards?

Description_Group_Object
Description_Group_Object
Group_Description_Object
Group_Description_Object
Group_Object_Description
Group_Object_Description
Object_Group_Description
Object_Group_Description
Suggested answer: C
asked 23/09/2024
Stephanie Scheffers
45 questions

Question 96

Report Export Collapse

How can search results be kept longer than 7 days?

By scheduling a report.
By scheduling a report.
By creating a link to the job.
By creating a link to the job.
By changing the job settings.
By changing the job settings.
By changing the time range picker to more than 7 days.
By changing the time range picker to more than 7 days.
Suggested answer: A
asked 23/09/2024
Shameez Mohammed
43 questions

Question 97

Report Export Collapse

Which of the following is a Splunk search best practice?

Filter as early as possible.
Filter as early as possible.
Never specify more than one index.
Never specify more than one index.
Include as few search terms as possible.
Include as few search terms as possible.
Use wildcards to return more search results.
Use wildcards to return more search results.
Suggested answer: A
asked 23/09/2024
Tammy Tran
34 questions

Question 98

Report Export Collapse

How are events displayed after a search is executed?

In chronological order.
In chronological order.
Randomly by default.
Randomly by default.
In reverse chronological order.
In reverse chronological order.
Alphabetically according to field name.
Alphabetically according to field name.
Suggested answer: C
asked 23/09/2024
Hermann Saint-Fleur
40 questions

Question 99

Report Export Collapse

After running a search, what effect does clicking and dragging across the timeline have?

Executes a new search.
Executes a new search.
Filters current search results.
Filters current search results.
Moves to past or future events.
Moves to past or future events.
Expands the time range of the search.
Expands the time range of the search.
Suggested answer: B
asked 23/09/2024
Karol Ligeza
46 questions

Question 100

Report Export Collapse

Which command is used to review the contents of a specified static lookup file?

lookup
lookup
csvlookup
csvlookup
inputlookup
inputlookup
outputlookup
outputlookup
Suggested answer: C
asked 23/09/2024
Alfred Macaraeg
51 questions
Total 246 questions
Go to page: of 25
Open VPLUS File
Convert VPLUS to PDF

Related questions

What are the three main Splunk components?
Which of the following is the best way to create a report that shows the last 24 hours of events?
Which all time unit abbreviations can you include in Advanced time range picker? (Choose seven.)
How are the results of the following search sorted? ... | sort action, ---file, +bytes
Which of the following reports is available in the Fields window?
Put query into separate lines where | (Pipes) are used by selecting following options.
Field names are case sensitive and field value are not.
Zoom Out and Zoom to Selection re-executes the search.
How does Splunk determine which fields to extract from data?
When is an alert triggered?