The Secret Of Splunk SPLK-1001 Practice Question

We provide Splunk SPLK-1001 exam answers, which are the best for clearing the SPLK-1001 test and getting certified for the Splunk Core Certified User exam. The SPLK-1001 Questions & Answers cover all the knowledge points of the real SPLK-1001 exam. Crack your Splunk SPLK-1001 exam with the latest dumps, guaranteed!

Online SPLK-1001 free questions and answers of New Version:

NEW QUESTION 1
Parsing of data can happen both in HF and UF.

  • A. Yes
  • B. No

Answer: B

NEW QUESTION 2
What happens when a field is added to the Selected Fields list in the fields sidebar?

  • A. Splunk will re-run the search job in Verbose Mode to prioritize the new Selected Field.
  • B. Splunk will highlight related fields as a suggestion to add them to the Selected Fields list.
  • C. Custom selections will replace the Interesting Fields that Splunk populated into the list at search time.
  • D. The selected field and its corresponding values will appear underneath the events in the search results.

Answer: D

NEW QUESTION 3
Which search matches the events containing the terms “error” and “fail”?

  • A. index=security Error Fail
  • B. index=security error OR fail
  • C. index=security "error failure"
  • D. index=security NOT error NOT fail

Answer: B

NEW QUESTION 4
You are able to create a new index in Data Input settings.

  • A. No
  • B. Yes

Answer: B

NEW QUESTION 5
What can be included in the All Fields option in the sidebar?

  • A. Dashboards
  • B. Metadata only
  • C. Non-interesting fields
  • D. Field descriptions

Answer: D

NEW QUESTION 6
The Data Summary button just below the search bar gives you the following (Choose three.):

  • A. Hosts
  • B. Sourcetypes
  • C. Sources
  • D. Indexes

Answer: ABC

NEW QUESTION 7
Splunk parses data into individual events, extracts time, and assigns metadata.

  • A. False
  • B. True

Answer: B

NEW QUESTION 8
The Splunk index-time process can be broken down into _____ phases.

  • A. 3
  • B. 2
  • C. 4
  • D. 1

Answer: A

NEW QUESTION 9
When looking at a dashboard panel that is based on a report, which of the following is true?

  • A. You can modify the search string in the panel, and you can change and configure the visualization.
  • B. You can modify the search string in the panel, but you cannot change and configure the visualization.
  • C. You cannot modify the search string in the panel, but you can change and configure the visualization.
  • D. You cannot modify the search string in the panel, and you cannot change and configure the visualization.

Answer: C

NEW QUESTION 10
Which command is used to validate a lookup file?

  • A. | lookup products.csv
  • B. inputlookup products.csv
  • C. | inputlookup products.csv
  • D. | lookup_definition products.csv

Answer: C

NEW QUESTION 11
Which stats command function provides a count of how many unique values exist for a given field in the result set?

  • A. dc(field)
  • B. count(field)
  • C. count-by(field)
  • D. distinct-count(field)

Answer: A

NEW QUESTION 12
Matching search terms are highlighted.

  • A. Yes
  • B. No

Answer: A

NEW QUESTION 13
When placed early in a search, which command is most effective at reducing search execution time?

  • A. dedup
  • B. rename
  • C. sort -
  • D. fields +

Answer: A

NEW QUESTION 14
The Forward option gathers and forwards data to indexers over a receiving port from remote machines.

  • A. False
  • B. True

Answer: B

NEW QUESTION 15
Where does license metering happen?

  • A. Indexer
  • B. Parsing
  • C. Heavy Forwarder
  • D. Input

Answer: A

NEW QUESTION 16
Splunk shows data in _____ .

  • A. ASCII Character order.
  • B. Reverse chronological order.
  • C. Alphanumeric order.
  • D. Chronological order.

Answer: B

NEW QUESTION 17
What is the purpose of using a by clause with the stats command?

  • A. To group the results by one or more fields.
  • B. To compute numerical statistics on each field.
  • C. To specify how the values in a list are delimited.
  • D. To partition the input data based on the split-by fields.

Answer: A

NEW QUESTION 18
What can be configured using the Edit Job Settings menu?

  • A. Export the result to CSV format.
  • B. Add the Job results to a dashboard.
  • C. Schedule the Job to re-run in 10 minutes.
  • D. Change Job Lifetime from 10 minutes to 7 days.

Answer: B

NEW QUESTION 19
When viewing the results of a search, what is an Interesting Field?

  • A. A field that appears in any event.
  • B. A field that appears in every event.
  • C. A field that appears in the top 10 events.
  • D. A field that appears in at least 20% of the events.

Answer: D

NEW QUESTION 20
You can on-board data to Splunk using the following means (Choose four.):

  • A. Props
  • B. CLI
  • C. Splunk Web
  • D. savedsearches.conf
  • E. Splunk apps and add-ons
  • F. indexes.conf
  • G. inputs.conf
  • H. metadata.conf

Answer: BCEG

NEW QUESTION 21
Which of the following is the recommended way to create multiple dashboards displaying data from the same search?

  • A. Save the search as a report and use it in multiple dashboards as needed.
  • B. Save the search as a dashboard panel for each dashboard that needs the data.
  • C. Save the search as a scheduled alert and use it in multiple dashboards as needed.
  • D. Export the results of the search to an XML file and use the file as the basis of the dashboards.

Answer: D

NEW QUESTION 22
There are three different search modes in Splunk (Choose three.):

  • A. Automatic
  • B. Smart
  • C. Fast
  • D. Verbose

Answer: BCD

NEW QUESTION 23
Select the correct option that applies to Index time processing (Choose three.).

  • A. Indexing
  • B. Searching
  • C. Parsing
  • D. Settings
  • E. Input

Answer: ACE

NEW QUESTION 24
How do you add or remove fields from search results?

  • A. Use field + to add and field - to remove.
  • B. Use table + to add and table - to remove.
  • C. Use fields + to add and fields - to remove.
  • D. Use fields Plus to add and fields Minus to remove.

Answer: C

NEW QUESTION 25
......

P.S. Easily pass SPLK-1001 Exam with 226 Q&As Certstest Dumps & pdf Version, Welcome to Download the Newest Certstest SPLK-1001 Dumps: https://www.certstest.com/dumps/SPLK-1001/ (226 New Questions)