Splunk SPLK-1001 Practice Test - Questions Answers, Page 20
Query - status != 100:
A.
Will return events where the status field exists but its value is not 100.
B.
Will return events where the status field exists but its value is not 100, plus all events where the status field doesn't exist.
C.
Will return different results depending on the data.
NOT status = 100:
A.
Will return different results depending on the data.
B.
Will return events where the status field exists but its value is not 100.
C.
Will return events where the status field exists but its value is not 100, plus all events where the status field doesn't exist.
Will the two queries below return the same result?
A.
index=log sourcetype=error_log status !=100
B.
index=log sourcetype=error_log NOT status =100
C.
Yes
D.
No
Select the best options for "search best practices" in Splunk (choose five):
A.
Always select a time range.
B.
Try to specify index values.
C.
Include as many search terms as possible.
D.
Never select a time range.
E.
Try to use * with every search term.
F.
Inclusion is generally better than exclusion.
G.
Try to keep search terms specific.
The better way to write a search query across two indexes is:
A.
index=a index=b
B.
(index=a OR index=b)
C.
index=(a & b)
D.
index = a, b
To break a query onto separate lines where | (pipes) are used, select the following key combination:
A.
CTRL + Enter
B.
Shift + Enter
C.
Space + Enter
D.
ALT + Enter
Selected fields are a set of configurable fields displayed for each event.
A.
True
B.
False
The following are the time selection options available when running a search (choose all that apply):
A.
Date & Time Range
B.
Advanced
C.
Date Range
D.
Presets
E.
Relative