Splunk SPLK-1001 - Splunk Core Certified User

Total 244 questions

Field names are case sensitive.

A. True
B. False

What is the default lifetime of every Splunk search job?

A. All search jobs are saved for 10 days
B. All search jobs are saved for 10 hours
C. All search jobs are saved for 10 weeks
D. All search jobs are saved for 10 minutes

After running a search, what effect does clicking and dragging across the timeline have?

A. Executes a new search.
B. Filters current search results.
C. Moves to past or future events.
D. Expands the time range of the search.

What is the purpose of using a by clause with the stats command?

A. To group the results by one or more fields.
B. To compute numerical statistics on each field.
C. To specify how the values in a list are delimited.
D. To partition the input data based on the split-by fields.

What can be included in the All Fields option in the sidebar?

A. Dashboards
B. Metadata only
C. Non-interesting fields
D. Field descriptions

Fields are searchable key-value pairs in your event data.

A. True
B. False

Which of the following reports is available in the Fields window?

A. Top values by time
B. Rare values by time
C. Events with top value fields
D. Events with rare value fields

Which search string matches only events with the status_code of 404?

A. status_code !=404
B. status_code>=400
C. status_code<=404
D. status_code>403 status_code<405

When saving a search directly to a dashboard panel instead of saving as a report first, which of the following is created?

A. Cloned panel
B. Inline panel
C. Report panel
D. Prebuilt panel

What is the result of the following search?

index=myindex source=c:\mydata.txt NOT error=*

A. Only data where the error field is present and does not contain a value will be displayed.
B. Only data with a value in the field error will be displayed.
C. Only data that does not contain the error field will be displayed.
D. Only data where the value of the field error does not equal an asterisk (*) will be displayed.