SPLK-2001 Online Practice Questions and Answers

When updating a knowledge object via REST, which of the following are valid values for the sharing Access Control List property?

A. App

B. User

C. Global

D. Nobody

How can indexer acknowledgement be enabled for HTTP Event Collector (HEC)? (Select all that apply.)

A. No need to do anything, it is turned on by default.

B. When a REST request is sent to create a token, the property for indexer acknowledgement must be set to 1.

C. When a new HEC token is created in Splunk Web, select the checkbox labeled "Enable indexer acknowledgement".

D. When the Global Settings for HEC are updated in Splunk Web, select the checkbox labeled "Enable indexer acknowledgement".

Which of the following statements describe oneshot searches? (Select all that apply.)

A. Are always executed asynchronously.

B. Can specify csv as an output format.

C. Stream all results upon search completion.

D. Can use auto_cancel to set a timeout limit.

Which of the following endpoints is used to authenticate with the Splunk REST API?

A. /services/auth/login

B. /services/session/login

C. /services/auth/session/login

D. /servicesNS/authentication/login

Place content to set on page load inside which of the following Simple XML tags?

A.

B.

C.

D.

Which of the following are valid request arguments for the REST search endpoints? (Select all that apply.)

A. latest_time=rt

B. latest_time=now

C. earliest_time=-5h@h

D. earliest_time=rt_10m@m

Which of the following formats are valid for a Splunk REST URI?

A. host:port/endpoint

B. scheme://host/servicesNS/*/

C. $SPLUNK HOME/services/endpoint

D. scheme://host:port/services/endpoint

What predefined drilldown tokens are available specifically for trellis layouts? (Select all that apply.)

A. trellis.Xaxis

B. trellis.Yaxis

C. trellis.name

D. trellis.value

When using the Splunk Web Framework to create a global search, which is the correct post-process

syntax for the base search shown below?

var searchmain = new SearchManager{{

id: "base-search",

search: "index= internal | head 10 | fields "*",

preview: true,

cache: true

}};

A. var mypostproc1 = new PostProcessManager {{ id: "post1", managerid: "base-search", search: "| stats count by sourcetype" }};

B. var mypostproc1 = new PostProcessManager{{ id: "post1", managerid: "base", search: "| stats count by sourcetype" }};

C. var mypostproc1 = new PostProcess{{ id: "post1", managerid: "base-search", search: "| search stats count by sourcetype" }};

D. You cannot create global searches in the Splunk Web Framework.

Data can be added to a KV store collection in which of the following format(s)?

A. JSON

B. JSON, XML

C. JSON, XML, CSV

D. JSON, XML, CSV, TXT