Splunk SPLK-1001 Practice Test - Questions Answers, Page 8
In automatic lookup definitions, the _____ fields are those that are not in the event data.
A.
input
B.
output
What is the correct order of steps for creating a new lookup?
1.
Configure the lookup to run automatically
2.
Create the lookup table
3.
Define the lookup
A.
2, 1, 3
B.
1, 2, 3
C.
2, 3, 1
D.
3, 2, 1
The command shown here does which of the following? Command: | outputlookup products.csv
A.
Writes search results to a file named products.csv
B.
Returns the contents of a file named products.csv
Which of the following are not true about lookups? (Select all that apply.)
A.
Lookups can be time based
B.
Search results can be used to populate a lookup table
C.
Splunk DB Connect can be used to populate a lookup table from relational databases
D.
Output from a script can be used to populate a lookup table
E.
Lookups have a 10mg maximum size limit
It is mandatory for the lookup file to have this for an automatic lookup to work.
A.
Source type
B.
At least five columns
C.
Timestamp
D.
Input field
By default, all users have DELETE permission to ALL knowledge objects.
A.
True
B.
False
These users can create global knowledge objects. (Select all that apply.)
A.
users
B.
power users
C.
administrators
All users by default have WRITE permission to ALL knowledge objects.
A.
True
B.
False
Creating Data Models:
Object ATTRIBUTES do not define ___________.
A.
a base search for the object
B.
fields for the object