Splunk SPLK-1001 Practice Test - Questions Answers, Page 5
Question list
List of questions
Related questions
At index time, in which field does Splunk store the timestamp value?
A.
time
B.
_time
C.
EventTime
D.
timestamp
Which statement is true about the top command?
A.
It returns the top 10 results
B.
It displays the output in table format
C.
It returns the count and percent columns per row
D.
All of the above
What determines the scope of data that appears in a scheduled report?
A.
All data accessible to the User role will appear in the report.
B.
All data accessible to the owner of the report will appear in the report.
C.
All data accessible to all users will appear in the report until the next time the report is run.
D.
The owner of the report can configure permissions so that the report uses either the User role or the owner's profile at run time.
What is the main requirement for creating visualizations using the Splunk UI?
A.
Your search must transform event data into Excel file format first.
B.
Your search must transform event data into XML formatted data first.
C.
Your search must transform event data into statistical data tables first.
D.
Your search must transform event data into JSON formatted data first.
How can another user gain access to a saved report?
A.
The owner of the report can edit permissions from the Edit dropdown
B.
Only users with an Admin or Power User role can access other users' reports
C.
Anyone can access any reports marked as public within a shared Splunk deployment
D.
The owner of the report must clone the original report and save it to their user account
What is the primary use for the rare command1?
A.
To sort field values in descending order
B.
To return only fields containing five or fewer values
C.
To find the least common values of a field in a dataset
D.
To find the fields with the fewest number of values across a dataset
What happens when a field is added to the Selected Fields list in the fields sidebar'?
A.
Splunk will re-run the search job in Verbose Mode to prioritize the new Selected Field
B.
Splunk will highlight related fields as a suggestion to add them to the Selected Fields list.
C.
Custom selections will replace the Interesting Fields that Splunk populated into the list at search time
D.
The selected field and its corresponding values will appear underneath the events in the search results
By default, which of the following is a Selected Field?
A.
action
B.
clientip
C.
categoryld
D.
sourcetype
According to Splunk best practices, which placement of the wildcard results in the most efficient search?
A.
f*il
B.
*fail
C.
fail*
D.
*fail*
Which command automatically returns percent and count columns when executing searches?
A.
top
B.
stats
C.
table
D.
percent
Question