Splunk splk-1001 practice test

Splunk Core Certified User Exam

Last exam update: Dec 15, 2024
Page 1 out of 15. Viewing questions 1-15 out of 226

Question 1

What are the two most efficient search filters?

  • A. _time and host
  • B. _time and index
  • C. host and sourcetype
  • D. index and sourcetype
Answer: B

Question 2

Which of the following is a metadata field assigned to every event in Splunk?

  • A. host
  • B. owner
  • C. bytes
  • D. action
Answer: A

Reference: https://docs.splunk.com/Documentation/Splunk/8.0.3/Data/Assignmetadatatoeventsdynamically

Question 3

Assuming a user has the capability to edit reports, which of the following are editable?

  • A. Acceleration, schedule, permissions
  • B. The report’s name, schedule, permissions
  • C. The report’s name, acceleration, schedule
  • D. The report’s name, acceleration, permissions
Answer: B

Reference: https://docs.splunk.com/Documentation/Splunk/8.0.3/Report/Createandeditreports

Question 4

What is a quick, comprehensive way to learn what data is present in a Splunk deployment?

  • A. Review Splunk reports
  • B. Run ./splunk show
  • C. Click Data Summary in Splunk Web
  • D. Search index=* sourcetype=* host=*
Answer: C

Reference: https://docs.splunk.com/Documentation/Splunk/8.0.3/InheritedDeployment/Yourdata

Question 5

When viewing results of a search job from the Activity menu, which of the following is displayed?

  • A. New events based on the current time range picker
  • B. The same events based on the current time range picker
  • C. The same events from when the original search was executed
  • D. New events in addition to the same events from the original search
Answer: C

Question 6

Which of the following is a correct way to limit search results to display the 5 most common values of a field?

  • A. | rare top=5
  • B. | top rare=5
  • C. | top limit=5
  • D. | rare limit=5
Answer: C

Question 7

Which of the following is the most efficient search?

  • A. index=* “failed password”
  • B. “failed password” index=*
  • C. (index=* OR index=security) “failed password”
  • D. index=security “failed password”
Answer: A

Question 8

Which command will rename action to Customer Action?

  • A. | rename action = CustomerAction
  • C. | rename Action to “Customer Action”
  • D. | rename action as “Customer Action”
Answer: D

Reference: https://answers.splunk.com/answers/610038/understanding-command-in-search.html

Question 9

Which of the following is a Splunk internal field?

  • A. _raw
  • B. host
  • C. _host
  • D. index
Answer: A

Question 10

What is the correct way to use a time range specifier in the search bar so that the search looks back 2 hours?

  • A. latest=-2h
  • B. earliest=-2h
  • C. latest=-2hour@d
  • D. earliest=-2hour@d
Answer: B

Reference: https://docs.splunk.com/Documentation/Splunk/8.0.3/Search/Specifytimemodifiersinyoursearch

Question 11

What will always appear in the Selected Fields list?

  • A. index
  • B. action
  • C. clientip
  • D. sourcetype
Answer: D

Question 12

In the Search and Reporting app, which tab displays timecharts and bar charts?

  • A. Events
  • B. Patterns
  • C. Statistics
  • D. Visualization
Answer: D

Reference: https://docs.splunk.com/Documentation/Splunk/8.0.2/Search/Aboutreportingcommands

Question 13

Which of the following reports is available in the Fields window?

  • A. Top values by time
  • B. Rare values by time
  • C. Events with top value fields
  • D. Events with rare value fields
Answer: C
Discussion comment (3 months, 3 weeks ago): Top Values by time

Question 14

Which search will return only events containing the word error and display the results as a table that includes the fields named action, src, and dest?

  • A. error | table action, src, dest
  • B. error | tabular action, src, dest
  • C. error | stats table action, src, dest
  • D. error | table column=action column=src column=dest
Answer: C

Reference: https://docs.splunk.com/Documentation/Splunk/8.0.3/SearchReference/search

Question 15

Which of the following statements describes a search job?

  • A. Once a search job begins, it cannot be stopped
  • B. A search job can only be paused when less than 50% of events are returned
  • C. A search job can only be stopped when less than 50% of events are returned
  • D. Once a search job begins, it can be stopped or paused at any point in time
Answer: D

Reference: https://answers.splunk.com/answers/329699/why-does-my-search-head-cluster-captain-start-dele-1.html