ExamGecko
Login
Home / Splunk / SPLK-1001 / List of questions
Ask Question

Splunk SPLK-1001 Practice Test - Questions Answers, Page 8

List of questions

Question 71

Report Export Collapse

In automatic lookup definitions, the _____ fields are those that are not in the event data.

input
input
output
output
Suggested answer: B
asked 23/09/2024
Nagaretnam, Ravin
41 questions

Question 72

Report Export Collapse

What is the correct order of steps for creating a new lookup?

Configure the lookup to run automatically
Configure the lookup to run automatically
Create the lookup table
Create the lookup table
Define the lookup
Define the lookup
2, 1, 3
2, 1, 3
1, 2, 3
1, 2, 3
2, 3, 1
2, 3, 1
3, 2, 1
3, 2, 1
Suggested answer: C
asked 23/09/2024
ILLIA VELIASEVICH
51 questions

Question 73

Report Export Collapse

The command shown here does witch of the following: Command: |outputlookup products.csv

Writes search results to a file named products.csv
Writes search results to a file named products.csv
Returns the contents of a file named products.csv
Returns the contents of a file named products.csv
Suggested answer: A
asked 23/09/2024
waleed Haridi
38 questions

Question 74

Report Export Collapse

Which of the following are not true about lookups? (Select all that apply.)

Lookups can be time based
Lookups can be time based
Search results can be used to populate a lookup tableC .Splunk DB Connect can be used to populate a lookup table from relational databases
Search results can be used to populate a lookup tableC .Splunk DB Connect can be used to populate a lookup table from relational databases
Output from a script can be used to populate a lookup table
Output from a script can be used to populate a lookup table
Lookup have a 10mg maximum size limit
Lookup have a 10mg maximum size limit
Suggested answer:
asked 23/09/2024
Reece Scarley
46 questions

Question 75

Report Export Collapse

Lookups allow you to overwrite your raw event.

True
True
False
False
Suggested answer: A
asked 23/09/2024
Nicola Grossi
44 questions

Question 76

Report Export Collapse

It is mandatory for the lookup file to have this for an automatic lookup to work.

Source type
Source type
At least five columns
At least five columns
Timestamp
Timestamp
Input filed
Input filed
Suggested answer: D
asked 23/09/2024
Nezha El Fakraoui
35 questions

Question 77

Report Export Collapse

By default, all users have DELETE permission to ALL knowledge objects.

True
True
False
False
Suggested answer: B
asked 23/09/2024
Winston Seedorf
36 questions

Question 78

Report Export Collapse

These users can create global knowledge objects. (Select all that apply.)

users
users
power users
power users
administrators
administrators
Suggested answer: B, C
asked 23/09/2024
Luca Arcuri
35 questions

Question 79

Report Export Collapse

All users by default have WRITE permission to ALL knowledge objects.

True
True
False
False
Suggested answer: B
asked 23/09/2024
Martynas Abrutis
43 questions

Question 80

Report Export Collapse

Creating Data Models:

Object ATTRIBUTES do not define ___________.

a base search for the object
a base search for the object
fields for the object
fields for the object
Suggested answer: A
asked 23/09/2024
Vitalii Lutsenko
37 questions
Total 246 questions
Go to page: of 25
Open VPLUS File
Convert VPLUS to PDF

Related questions

What are the three main Splunk components?
Which of the following is the best way to create a report that shows the last 24 hours of events?
Which all time unit abbreviations can you include in Advanced time range picker? (Choose seven.)
How are the results of the following search sorted? ... | sort action, ---file, +bytes
Which of the following reports is available in the Fields window?
Put query into separate lines where | (Pipes) are used by selecting following options.
Field names are case sensitive and field value are not.
Zoom Out and Zoom to Selection re-executes the search.
How does Splunk determine which fields to extract from data?
When is an alert triggered?