ExamGecko
Search Search Login
Home Home / Splunk / SPLK-1001

Splunk SPLK-1001 Practice Test - Questions Answers, Page 21

Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which all time unit abbreviations can you include in Advanced time range picker? (Choose seven.)
Which of the following is a metadata field assigned to every event in Splunk?
Beginning parentheses is automatically highlighted to guide you on the presence of complimenting parentheses.
Which of the following is an accurate definition of fields within Splunk?
In the Search and Reporting app, which is a default selected field?
What are the three main Splunk components?
Which search will return the 15 least common field values for the dest_ip field?
Selected fields are a set of configurable fields displayed for each event.
Field names are case sensitive and field value are not.
You are able to create new Index in Data Input settings.

Question 201

Report
Export
Collapse

When saving a search directly to a dashboard panel instead of saving as a report first, which of the following is created?

A.
Cloned panel
A.
Cloned panel
Answers
B.
Inline panel
B.
Inline panel
Answers
C.
Report panel
C.
Report panel
Answers
D.
Prebuilt panel
D.
Prebuilt panel
Answers
Suggested answer: C

Question 202

Report
Export
Collapse

Which of the following statements describes a search job?

A.
Once a search job begins, it cannot be stopped
A.
Once a search job begins, it cannot be stopped
Answers
B.
A search job can only be paused when less than 50% of events are returned
B.
A search job can only be paused when less than 50% of events are returned
Answers
C.
A search job can only be stopped when less than 50% of events are returned
C.
A search job can only be stopped when less than 50% of events are returned
Answers
D.
Once a search job begins, it can be stopped or paused at any point in time
D.
Once a search job begins, it can be stopped or paused at any point in time
Answers
Suggested answer: D

Explanation:

Reference:

https://answers.splunk.com/answers/329699/why-does-my-search-head-cluster-captain-start-dele-1.html

Question 203

Report
Export
Collapse

Which search will return only events containing the word "error" and display the results as a table that includes the fields named action, src, and dest?

A.
error | table action, src, dest
A.
error | table action, src, dest
Answers
B.
error | tabular action, src, dest
B.
error | tabular action, src, dest
Answers
C.
error | stats table action, src, dest
C.
error | stats table action, src, dest
Answers
D.
error | table column=action column=src column=dest
D.
error | table column=action column=src column=dest
Answers
Suggested answer: C

Explanation:

Reference:

https://docs.splunk.com/Documentation/Splunk/8.0.3/SearchReference/search

Explanation:

Question 204

Report
Export
Collapse

Which of the following reports is available in the Fields window?

A.
Top values by time
A.
Top values by time
Answers
B.
Rare values by time
B.
Rare values by time
Answers
C.
Events with top value fields
C.
Events with top value fields
Answers
D.
Events with rare value fields
D.
Events with rare value fields
Answers
Suggested answer: C

Question 205

Report
Export
Collapse

In the Search and Reporting app, which tab displays timecharts and bar charts?

A.
Events
A.
Events
Answers
B.
Patterns
B.
Patterns
Answers
C.
Statistics
C.
Statistics
Answers
D.
Visualization
D.
Visualization
Answers
Suggested answer: D

Explanation:

Reference:

https://docs.splunk.com/Documentation/Splunk/8.0.2/Search/Aboutreportingcommands

Explanation:

Question 206

Report
Export
Collapse

What will always appear in the Selected Fields list?

A.
index
A.
index
Answers
B.
action
B.
action
Answers
C.
clientip
C.
clientip
Answers
D.
sourcetype
D.
sourcetype
Answers
Suggested answer: D

Question 207

Report
Export
Collapse

What is the correct way to use a time range specifier in the search bar so that the search looks back 2 hours?

A.
latest=-2h
A.
latest=-2h
Answers
B.
earliest=-2h
B.
earliest=-2h
Answers
C.
latest=-2hour@d
C.
latest=-2hour@d
Answers
D.
earliest=-2hour@d
D.
earliest=-2hour@d
Answers
Suggested answer: B

Explanation:

Reference:

https://docs.splunk.com/Documentation/Splunk/8.0.3/Search/Specifytimemodifiersinyoursearch

Explanation:

Question 208

Report
Export
Collapse

Which of the following is a Splunk internal field?

A.
_raw
A.
_raw
Answers
B.
host
B.
host
Answers
C.
_host
C.
_host
Answers
D.
index
D.
index
Answers
Suggested answer: A

Question 209

Report
Export
Collapse

Which command will rename action to Customer Action?

A.
| rename action = CustomerAction
A.
| rename action = CustomerAction
Answers
B.
| rename Action as "Customer Action"
B.
| rename Action as "Customer Action"
Answers
C.
| rename Action to "Customer Action"
C.
| rename Action to "Customer Action"
Answers
D.
| rename action as "Customer Action"
D.
| rename action as "Customer Action"
Answers
Suggested answer: D

Explanation:

Reference:

https://answers.splunk.com/answers/610038/understanding-command-in-search.html

Question 210

Report
Export
Collapse

Which of the following is the most efficient search?

A.
index=* "failed password"
A.
index=* "failed password"
Answers
B.
"failed password" index=*
B.
"failed password" index=*
Answers
C.
(index=* OR index=security) "failed password"
C.
(index=* OR index=security) "failed password"
Answers
D.
index=security "failed password"
D.
index=security "failed password"
Answers
Suggested answer: A
Total 246 questions
Go to page: of 25
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms