SPLK-1001

Ace your homework & exams now with Quizwiz!

indicates that the majority of the field values are numeric

#

When an alert action is configured to run a script, Splunk must be able to locate the script. Which is one of the directories Splunk will look in to find the script?

$SPLUNK_HOME/bin/scripts

Which of the following searches would return events with failure in index netfw or warn or critical in index netops?

(index=netfw failure) OR (index=netops (warn OR critical))

When sorting on multiple fields with the sort command, what delimiter can be used between the field names in the search?

,

By default, how long does Splunk retain a search job?

10 mintues

Boolean

A single value of either TRUE or FALSE

Which statement is true about Splunk alerts?

Alerts are based on searches that ate either run on a scheduled interval or in real-time

A collection of items containing things such as data inputs, UI elements, and knowledge objects is known as what?

An app

What is one benefit of creating dashboard panels from reports?

Any change to the underlying report will affect every dashboard that utilizes that report

Line charts

Are optimal for single and multiple series

How can search results be kept longer than 7 days?

By scheduling a report.

A field exists in search results, but isn't being displayed in the fields sidebar. How can it be added to the fields sidebar?

Click all fields and select the field to add it to selected field

Which of the following statements about case sensitivity is true?

Field names ARE care sensitive; field values are NOT

Which of the following is a Splunk search best practice?

Filter as early as possible.

After running a search, what effect does clicking and dragging across the timeline have?

Filters current search results

Which of the following Splunk components typically resides on the machines where data Originates?

Forwarder

Which of the following is true about user account settings and preferences?

Full name, time zone, and default app can be defined by clicking the login name in the Splunk bar

How are events displayed after a search is executed?

In reverse chronological order (newest first)

What does the values function of the stats command do?

Lists unique values of a given field

Which of the following represents the Splunk recommended naming convention for dashboards?

Object_Group_Description

When running searches, command modifiers in the search string are displayed in what color?

Orange

Which time range picker configuration would return real-time events for the past 30 seconds?

Real-time-Earliest: 30-seconds ago, Latest: Now

What syntax is used to link key/value pairs in search strings?

Relational operators such as =,<, or >

What does the rare command do?

Returns the latest common field values of a given field in the results

What must be done in order to use a lookup table in Splunk?

The lookup file must be uploaded to splunk and a lookup definition must be created

What determines the scope of data that appears in a scheduled report?

The owner of the report can configured permission so that the report uses either the User role or the owners profile at run time.

When writing searches in Splunk, which of the following is true about Booleans?

They must be uppercase.

What is the purpose of using a by clause with the stats command?

To group the results by one or more fields

What is a primary function of a scheduled report?

Triggered an alert in your Splunk instance when certain conditions are met.

How do you add or remove fields from search results?

Use fields +to add and fields -to remove

When looking at a dashboard panel that is based on a report, which of the following is true?

You cannot modify the search strings in the panel, but you can change and configure the visualization.

In the fields sidebar, which character denotes alphanumeric field values?

a

Which stats command function provides a count of how many unique values exist for a given field in the result set?

dc(field)

Which search string only returns events from host WWW3?

host=WWW3

By default, which of the following fields would be listed in the fields sidebar under interesting Fields?

index

Select the answer that displays the accurate placing of the pipe in the following search string: index=security sourcetype=access_* status=200 stats count by price

index=security sourcetype=access_* | status=200 | stats count by price

Which command is used to review the contents of a specified static lookup file?

inputlookup

which of the following constraints can be used with the top command?

limit

Which of the following are common constraints of the top command?

showperc, countfield

What is the correct syntax to count the number of events containing a vendor_action field?

stats count (vendor_action)

What is the main requirement for creating visualizations using the Splunk UI?

your search must transform event data into statistical data tables first

See all study sets

Related study sets

Comboset 5 -(C228) ATI-Community Health <Tests & Vocab>

View Set

CC Ch. 21, Ch 21 Respiratory Care Modalities, PrepU Resp AH, MedSurg Chapter 21 Respiratory Care Modalities, Ch 21 - Respiratory Care Modalities, Ex. 4-Ch. 21 (Med Surg) Resp. Care Modalities

View Set

EMT Chapter 38: Vehicle Extrication and Special Rescue

View Set

Corporate Finance Connect Questions

View Set

hof ch 71 - mass casualty and disaster preparedness

View Set

Real Estate Principles, Real Estate Practice, Legal Aspects of Real Estate

View Set

Unit 7 Economic Factors Study questions

View Set