
Splunk SPLK-1001 - Splunk Core Certified User

Total 244 questions

By default, which of the following is a Selected Field?

A. action

B. clientip

C. categoryId

D. sourcetype

Which command is used to review the contents of a specified static lookup file?

A. lookup

B. csvlookup

C. inputlookup

D. outputlookup

Splunk extracts fields from event data at index time and at search time.

A. True

B. False

Which of the following are Splunk premium enhanced solutions? (Choose three.)

A. Splunk User Behavior Analytics (UBA)

B. Splunk IT Service Intelligence (ITSI)

C. Splunk Enterprise Security (ES)

D. Splunk Analytics Security (AS)

There are three different search modes in Splunk. (Choose three.)

A. Automatic

B. Smart

C. Fast

D. Verbose

Which of the following statements are correct about the Search & Reporting App? (Choose three.)

A. Can be accessed by Apps > Search & Reporting.

B. Provides default interface for searching and analyzing logs.

C. Enables the user to create knowledge objects, reports, alerts and dashboards.

D. It only gives us search functionality.

What is Search Assistant in Splunk?

A. It is only available to Admins.

B. Such a feature does not exist in Splunk.

C. Shows options to complete the search string.

What is the proper SPL terminology for specifying a particular index in a search?

A. indexer=index_name

B. indexer name=index_name

C. index=index_name

D. index name=index_name

!= and NOT are the same arguments.

A. True

B. False

What is a suggested Splunk best practice for naming reports?

A. Reports are best named using many numbers so they can be more easily sorted.

B. Use a consistent naming convention so they are easily separated by characteristics such as group and object.

C. Name reports as uniquely as possible with no overlap to differentiate them from one another.

D. Any naming convention is fine as long as you keep an external spreadsheet to keep track.