When running searches, command modifiers in the search string are displayed in what color?
A. Red
B. Blue
C. Orange
D. Highlighted
Splunk Components:
Which of the following are responsible for reducing search results?
A. search heads
B. indexers
C. forwarders
Which of the following is an accurate definition of fields within Splunk?
A. Inherent entities that exist in event data.
B. A searchable key/value pair in event data.
C. Values pulled exclusively from lookup tables.
D. A non-searchable name/value pair used while indexing data.
What are the two most efficient search filters?
A. _time and host
B. _time and index
C. host and sourcetype
D. index and sourcetype
Which Boolean operator is implied between search terms, unless otherwise specified?
A. OR
B. AND
C. NOT
D. NAND
What are the steps to schedule a report?
A. After saving the report, click Schedule.
B. After saving the report, click Event Type.
C. After saving the report, click Scheduling.
D. After saving the report, click Dashboard Panel.
Log filtering/parsing can be done from _____________.
A. Index Forwarders (IF)
B. Universal Forwarders (UF)
C. Super Forwarder (SF)
D. Heavy Forwarders (HF)
What user interface component allows for time selection?
A. Time summary
B. Time range picker
C. Search time picker
D. Data source time statistics
Which search string matches only events with the status_code of 404?
A. status_code !=404
B. status_code>=400
C. status_code<=404
D. status_code>403 status_code<405
How does Splunk determine which fields to extract from data?
A. Splunk only extracts the most interesting data from the last 24 hours.
B. Splunk only extracts fields users have manually specified in their data.
C. Splunk automatically extracts any fields that generate interesting visualizations.
D. Splunk automatically discovers many fields based on source type and key/value pairs found in the data.