ExamGecko

Splunk SPLK-1001 Practice Test - Questions Answers, Page 3


Question 21


What must be done in order to use a lookup table in Splunk?

A. The lookup must be configured to run automatically.
B. The contents of the lookup file must be copied and pasted into the search bar.
C. The lookup file must be uploaded to Splunk and a lookup definition must be created.
D. The lookup file must be uploaded to the etc/apps/lookups folder for automatic ingestion.
Suggested answer: C
asked 23/09/2024
Ola Magnus Sundlisæter
39 questions

Question 22


What is a suggested Splunk best practice for naming reports?

A. Reports are best named using many numbers so they can be more easily sorted.
B. Use a consistent naming convention so they are easily separated by characteristics such as group and object.
C. Name reports as uniquely as possible with no overlap to differentiate them from one another.
D. Any naming convention is fine as long as you keep an external spreadsheet to keep track.
Suggested answer: B
asked 23/09/2024
Shantal Aviles
42 questions

Question 23


Which of the following Splunk components typically resides on the machines where data originates?

A. Indexer
B. Forwarder
C. Search head
D. Deployment server
Suggested answer: B
asked 23/09/2024
Andrea Tria
49 questions

Question 24


What does the following specified time range do? earliest=-72h@h latest=@d

A. Look back 3 days ago and prior
B. Look back 72 hours up to one day ago
C. Look back 72 hours, up to the end of today
D. Look back from 3 days ago up to the beginning of today
Suggested answer: D
asked 23/09/2024
George Morales
54 questions

Question 25


Which of the following is true about user account settings and preferences?

A. Search & Reporting is the only app that can be set as the default application.
B. Full names can only be changed by accounts with a Power User or Admin role.
C. Time zones are automatically updated based on the setting of the computer accessing Splunk.
D. Full name, time zone, and default app can be defined by clicking the login name in the Splunk bar.
Suggested answer: D
asked 23/09/2024
Konstantinos Lagoudakis
37 questions

Question 26


Which of the following are common constraints of the top command?

A. limit, count
B. limit, showpercent
C. limits, countfield
D. showperc, countfield
Suggested answer: B
asked 23/09/2024
Reinhard KOhl
42 questions

Question 27


What is the purpose of using a by clause with the stats command?

A. To group the results by one or more fields.
B. To compute numerical statistics on each field.
C. To specify how the values in a list are delimited.
D. To partition the input data based on the split-by fields.
Suggested answer: A
asked 23/09/2024
Edgar Santiago
51 questions

Question 28


Which events will be returned by the following search string? host=www3 status=503

A. All events that either have a host of www3 or a status of 503.
B. All events with a host of www3 that also have a status of 503.
C. We need more information: we cannot tell without knowing the time range.
D. We need more information: a search cannot be run without specifying an index.
Suggested answer: B
asked 23/09/2024
Courage Marume
41 questions

Question 29


Which of the following searches would return events with failure in index netfw or warn or critical in index netops?

A. (index=netfw failure) AND index=netops warn OR critical
B. (index=netfw failure) OR (index=netops (warn OR critical))
C. (index=netfw failure) AND (index=netops (warn OR critical))
D. (index=netfw failure) OR index=netops OR (warn OR critical)
Suggested answer: B
asked 23/09/2024
Dewi Fitriyani
59 questions

Question 30


Select the answer that displays the accurate placing of the pipe in the following search string: index=security sourcetype=access_* status=200 stats count by price

A. index=security sourcetype=access_* status=200 stats | count by price
B. index=security sourcetype=access_* status=200 | stats count by price
C. index=security sourcetype=access_* status=200 | stats count | by price
D. index=security sourcetype=access_* | status=200 | stats count by price
Suggested answer: B
asked 23/09/2024
JENNIFER MALIWANAG
51 questions
Total 246 questions