SPLK-1001 Sample Questions Answers

None of the above

Job

Search Only

B. host=WWW3

C. host=WWW*

D. Host=WWW3

Click All Fields and select the field to add it to Selected Fields.

Click Interesting Fields and select the field to add it to Selected Fields.

Click Selected Fields and select the field to add it to Interesting Fields.

This scenario isn’t possible because all fields returned from a search always appear in the fields sidebar.

False

True

False

True

Only data where the error field is present and does not contain a value will be displayed.

Only data with a value in the field error will be displayed.

Only data that does not contain the error field will be displayed.

Only data where the value of the field error does not equal an asterisk (*) will be displayed.

Once a search job begins, it cannot be stopped

A search job can only be paused when less than 50% of events are returned

A search job can only be stopped when less than 50% of events are returned

Once a search job begins, it can be stopped or paused at any point in time

True

False

Search & Reporting is the only app that can be set as the default application.

Full names can only be changed by accounts with a Power User or Admin role.

Time zones are automatically updated based on the setting of the computer accessing Splunk.

Full name, time zone, and default app can be defined by clicking the login name in the Splunk bar.

OR

AND

NOT

NAND

No

Yes

| lookup products.csv

inputlookup products.csv

I inputlookup products.csv

| lookup definition products.csv

True

False

Source type

At least five columns

Timestamp

Input filed

OR

NOT

AND

XOR

The lookup must be configured to run automatically.

The contents of the lookup file must be copied and pasted into the search bar.

The lookup file must be uploaded to Splunk and a lookup definition must be created.

The lookup file must be uploaded to the etc/apps/lookups folder for automatic ingestion.

Lists all values of a given field.

Lists unique values of a given field.

Returns a count of unique values for a given field.

Returns the number of events that match the search.

Line charts are optimal for single and multiple series.

Line charts are optimal for single series when using Fast mode.

Line charts are optimal for multiple series with 3 or more columns.

Line charts are optimal for multiseries searches with at least 2 or more columns.

True

False

Dashboards

Searches

Webhooks

Reports

_raw

host

_host

index

| rename action = CustomerAction

| rename Action as “Customer Action”

| rename Action to “Customer Action”

| rename action as “Customer Action”

search heads

indexers

forwarders

_time and host

_time and index

host and sourcetype

index and sourcetype

It is only available to Admins.

Such feature does not exist in Splunk.

Shows options to complete the search string

In chronological order.

Randomly by default.

In reverse chronological order.

Alphabetically according to field name.

action+purchase

action=purchase

action | purchase

action equal purchase

New events based on the current time range picker

The same events based on the current time range picker

The same events from when the original search was executed

New events in addition to the same events from the original search

the_questionnaire _pedia

the_questionnaire pedia

the_questionnaire_pedia

the_questionnaire Pedia

The search will fail. The proper top command format is top limit=3 instead of top 3.

The top three most common values in statusCode will be displayed for each user.

Only the top three overall most common values in statusCode will be displayed.

The percentage field will be displayed in the results.

indexer—index_name

indexer name—index_name

index=index_name

index name=index_name

Only HF

No

Yes

By scheduling a report.

By creating a link to the job.

By changing the job settings.

By changing the time range picker to more than 7 days.

Acceleration, schedule, permissions

The report’s name, schedule, permissions

The report’s name, acceleration, schedule

The report’s name, acceleration, permissions

True

False

Table

Raw

Pie Chart

List

False

True

users

power users

administrators

To group the results by one or more fields.

To compute numerical statistics on each field.

To specify how the values in a list are delimited.

To partition the input data based on the split-by fields.

False

True

2, 1, 3

1, 2, 3

2, 3, 1

3, 2, 1

Your search must transform event data into Excel file format first.

Your search must transform event data into XML formatted data first.

Your search must transform event data into statistical data tables first.

Your search must transform event data into JSON formatted data first.

Review Splunk reports

Run ./splunk show

Click Data Summary in Splunk Web

Search index=* sourcetype=* host=*

True

False

False

True

user

source

location

sourcelp

To sort field values in descending order.

To return only fields containing five of fewer values.

To find the least common values of a field in a dataset.

To find the fields with the fewest number of values across a dataset.

count, sum, add

count, sum, less

sum, avg, values

sum, values, table

action

clientip

categoryld

sourcetype

Splunk will re-run the search job in Verbose Mode to prioritize the new Selected Field

Splunk will highlight related fields as a suggestion to add them to the Selected Fields list.

Custom selections will replace the Interesting Fields that Splunk populated into the list at search time

The selected field and its corresponding values will appear underneath the events in the search results

None of the above

Indexing Phase

Parsing Phase

Input Phase

License Metering

You can modify the search string in the panel, and you can change and configure the visualization.

You can modify the search string in the panel, but you cannot change and configure the visualization.

You cannot modify the search string in the panel, but you can change and configure the visualization.

You cannot modify the search string in the panel, and you cannot change and configure the visualization.

index=* “failed password”

“failed password” index=*

(index=* OR index=security) “failed password”

index=security “failed password”

Forwarders

Deployment Server

Indexer

Knowledge Objects

Index

Search Head

In descending order by action, then descending order by file, and lastly by ascending order of bytes.

In ascending order by action, then descending order by file, and lastly by ascending order of bytes.

In descending order by action if it exists. If not, then in descending order by file, and if both action and file do not exist, by ascending order of bytes.

In ascending order by action if it exists. If not, then in descending order by file, and if both action and file do not exist, by ascending order of bytes.

PDF

JSON

XLS

RTF

True

False

Parentheses

@ or # symbols

Quotation marks

Relational operators such as =, <, or >

Time summary

Time range picker

Search time picker

Data source time statistics

Correlated

File-based

Total

Segmented

True

False

sourcetype

index

source

host

True

False

ASCII Character order.

Reverse chronological order.

Alphanumeric order.

Chronological order.

a base search for the object

fields for the object

Sourcetype=access_* |sum bytes by host

Sourcetype=access_* |stats sum(categorylD) by host

Sourcetype=access_* |sum(bytes) by host

Sourcetype=access_* |stats sum by host

All search jobs are saved for 10 days

All search jobs are saved for 10 hours

All search jobs are saved for 10 weeks

All search jobs are saved for 10 minutes

Will return event where status field exist but value of that field is not 100.

Will return event where status field exist but value of that field is not 100 and all events where status field

doesn't exist.

Will get different results depending on data

Lookup fields cannot be used in searches

Lookups contain static data available in the index

Lookups add more fields to results returned by a search

Lookups pull data at index time and add them to search results

Real-time

10 Minutes

Overnight Download

30 Minutes