Splunk SPLK-1001 Practice Test - Questions Answers, Page 6
Question list
List of questions
Related questions
Which of the following describes lookup files?
A.
Lookup fields cannot be used in searches
B.
Lookups contain static data available in the index
C.
Lookups add more fields to results returned by a search
D.
Lookups pull data at index time and add them to search results
When running searches command modifiers in the search string are displayed in what color?
A.
Red
B.
Blue
C.
Orange
D.
Highlighted
How do you add or remove fields from search results?
A.
Use field +to add and field -to remove.
B.
Use table +to add and table -to remove.
C.
Use fields +to add and fields –to remove.
D.
Use fields Plus to add and fields Minus to remove.
What are the steps to schedule a report?
A.
After saving the report, click Schedule.
B.
After saving the report, click Event Type.
C.
After saving the report, click Scheduling.
D.
After saving the report, click Dashboard Panel.
By default, how long does Splunk retain a search job?
A.
10 Minutes
B.
15 Minutes
C.
1 Day
D.
7 Days
Which Boolean operator is implied between search terms, unless otherwise specified?
A.
OR
B.
AND
C.
NOT
D.
NAND
What is a primary function of a scheduled report?
A.
Auto-detect changes in performance
B.
Auto-generated PDF reports of overall data trends
C.
Regularly scheduled archiving to keep disk space use low
D.
Triggering an alert in your Splunk instance when certain conditions are met
When sorting on multiple fields with the sort command, what delimiter can be used between the field names in the search?
A.
|
B.
$
C.
!
D.
,
Which search string is the most efficient?
A.
"failed password"
B.
''failed password"*
C.
index=* "failed password"
D.
index=security "failed password"
Which search string matches only events with the status_code of 4:4?
A.
status_code !=404
B.
status_code>=400
C.
status_code<=404
D.
status code>403 status_code<405
Question