Which of the following Splunk components typically resides on the machines where data originates?
A. Indexer
B. Forwarder
C. Search head
D. Deployment server
Which of the following index searches would provide the most efficient search performance?
A. index=*
B. index=web OR index=s*
C. (index=web OR index=sales)
D. *index=sales AND index=web*
How can another user gain access to a saved report?
A. The owner of the report can edit permissions from the Edit dropdown
B. Only users with an Admin or Power User role can access other users' reports
C. Anyone can access any reports marked as public within a shared Splunk deployment
D. The owner of the report must clone the original report and save it to their user account
This function of the stats command allows you to return the sample standard deviation of a field.
A. stdev
B. dev
C. count deviation
D. by standarddev
It is mandatory for the lookup file to have this for an automatic lookup to work.
A. Source type
B. At least five columns
C. Timestamp
D. Input field
By default search results are not returned in ________ order.
A. Chronological
B. Reverse chronological
C. ASCII
D. Alphabetical
Splunk parses data into individual events, extracts time, and assigns metadata.
A. False
B. True
There are three different search modes in Splunk (Choose three.):
A. Automatic
B. Smart
C. Fast
D. Verbose
What options do you get after selecting the timeline? (Choose four.)
A. Zoom to selection
B. Format Timeline
C. Deselect
D. Delete
E. Zoom Out
What is a quick, comprehensive way to learn what data is present in a Splunk deployment?
A. Review Splunk reports
B. Run ./splunk show
C. Click Data Summary in Splunk Web
D. Search index=* sourcetype=* host=*