ExamGecko
Search Search Login
Home Home / Splunk / SPLK-1001

Splunk SPLK-1001 Practice Test - Questions Answers, Page 2

Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which all time unit abbreviations can you include in Advanced time range picker? (Choose seven.)
Which of the following is a metadata field assigned to every event in Splunk?
Beginning parentheses is automatically highlighted to guide you on the presence of complimenting parentheses.
Which of the following is an accurate definition of fields within Splunk?
What are the three main Splunk components?
Which search will return the 15 least common field values for the dest_ip field?
Selected fields are a set of configurable fields displayed for each event.
Field names are case sensitive and field value are not.
You are able to create new Index in Data Input settings.
Uploading local files though Upload options index the file only once.

Question 11

Report
Export
Collapse

Which of the following are functions of the stats command?

A.
count, sum, add
A.
count, sum, add
Answers
B.
count, sum, less
B.
count, sum, less
Answers
C.
sum, avg, values
C.
sum, avg, values
Answers
D.
sum, values, table
D.
sum, values, table
Answers
Suggested answer: C

Question 12

Report
Export
Collapse

In a deployment with multiple indexes, what will happen when a search is run and an index is not specified in the search string?

A.
No events will be returned.
A.
No events will be returned.
Answers
B.
Splunk will prompt you to specify an index.
B.
Splunk will prompt you to specify an index.
Answers
C.
All non-indexed events to which the user has access will be returned.
C.
All non-indexed events to which the user has access will be returned.
Answers
D.
Events from every index searched by default to which the user has access will be returned.
D.
Events from every index searched by default to which the user has access will be returned.
Answers
Suggested answer: D

Question 13

Report
Export
Collapse

Which search matches the events containing the terms "error" and "fail"?

A.
index=security Error Fail
A.
index=security Error Fail
Answers
B.
index=security error OR fail
B.
index=security error OR fail
Answers
C.
index=security "error failure"
C.
index=security "error failure"
Answers
D.
index=security NOT error NOT fail
D.
index=security NOT error NOT fail
Answers
Suggested answer: A

Explanation:

Reference:

https://docs.splunk.com/Documentation/Splunk/7.3.1/SearchReference/Search

Question 14

Report
Export
Collapse

Which of the following is an option after clicking an item in search results?

A.
Saving the item to a report
A.
Saving the item to a report
Answers
B.
Adding the item to the search.
B.
Adding the item to the search.
Answers
C.
Adding the item to a dashboard
C.
Adding the item to a dashboard
Answers
D.
Saving the search to a JSON file.
D.
Saving the search to a JSON file.
Answers
Suggested answer: A

Question 15

Report
Export
Collapse

When placed early in a search, which command is most effective at reducing search execution time?

A.
dedup
A.
dedup
Answers
B.
rename
B.
rename
Answers
C.
sort -
C.
sort -
Answers
D.
fields +
D.
fields +
Answers
Suggested answer: A

Question 16

Report
Export
Collapse

In the Splunk interface, the list of alerts can be filtered based on which characteristics?

A.
App, Owner, Severity, and Type
A.
App, Owner, Severity, and Type
Answers
B.
App, Owner, Priority, and Status
B.
App, Owner, Priority, and Status
Answers
C.
App, Dashboard, Severity, and Type
C.
App, Dashboard, Severity, and Type
Answers
D.
App, Time Window, Type, and Severity
D.
App, Time Window, Type, and Severity
Answers
Suggested answer: D

Question 17

Report
Export
Collapse

When displaying results of a search, which of the following is true about line charts?

A.
Line charts are optimal for single and multiple series.
A.
Line charts are optimal for single and multiple series.
Answers
B.
Line charts are optimal for single series when using Fast mode.
B.
Line charts are optimal for single series when using Fast mode.
Answers
C.
Line charts are optimal for multiple series with 3 or more columns.
C.
Line charts are optimal for multiple series with 3 or more columns.
Answers
D.
Line charts are optimal for multiseries searches with at least 2 or more columns.
D.
Line charts are optimal for multiseries searches with at least 2 or more columns.
Answers
Suggested answer: C

Question 18

Report
Export
Collapse

A collection of items containing things such as data inputs, UI elements, and knowledge objects is known as what?

A.
An app
A.
An app
Answers
B.
JSON
B.
JSON
Answers
C.
A role
C.
A role
Answers
D.
An enhanced solution
D.
An enhanced solution
Answers
Suggested answer: A

Question 19

Report
Export
Collapse

Which of the following fields is stored with the events in the index?

A.
user
A.
user
Answers
B.
source
B.
source
Answers
C.
location
C.
location
Answers
D.
sourcelp
D.
sourcelp
Answers
Suggested answer: B

Question 20

Report
Export
Collapse

Which of the following is the recommended way to create multiple dashboards displaying data from the same search?

A.
Save the search as a report and use it in multiple dashboards as needed
A.
Save the search as a report and use it in multiple dashboards as needed
Answers
B.
Save the search as a dashboard panel for each dashboard that needs the data
B.
Save the search as a dashboard panel for each dashboard that needs the data
Answers
C.
Save the search as a scheduled alert and use it in multiple dashboards as needed
C.
Save the search as a scheduled alert and use it in multiple dashboards as needed
Answers
D.
Export the results of the search to an XML file and use the file as the basis of the dashboards
D.
Export the results of the search to an XML file and use the file as the basis of the dashboards
Answers
Suggested answer: A
Total 246 questions
Go to page: of 25
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms