Which component of Splunk lets us write an SPL query to find the required data?
A. Forwarders
B. Indexer
C. Heavy Forwarders
D. Search head
Answer: D

Which search string is the most efficient?
A. "failed password"
B. "failed password"*
C. index=* "failed password"
D. index=security "failed password"
Answer: D

Which of the following statements are correct about the Search & Reporting App? (Choose three.)
A. Can be accessed by Apps > Search & Reporting.
B. Provides the default interface for searching and analyzing logs.
C. Enables the user to create knowledge objects, reports, alerts and dashboards.
D. It only gives us...

Which of the following index searches would provide the most efficient search performance?
A. index=*
B. index=web OR index=s*
C. (index=web OR index=sales)
D. *index=sales AND index=web*
Answer: C

When an alert action is configured to run a script, Splunk must be able to locate the script. Which is one of the directories Splunk will look in to find the script?
A. $SPLUNK_HOME/bin/scripts
B. $SPLUNK_HOME/etc/scripts
C. $SPLUNK_HOME/bin/etc/scripts
D. $SPLUNK_HOME/etc/scripts/bin
Answer: A

All users by default have WRITE permission to ALL knowledge objects.
A. True
B. False
Answer: B

Which search matches the events containing the terms "error" and "fail"?
A. index=security Error Fail
B. index=security error OR fail
C. index=security “error failure”
D. index=security NOT error NOT fail
Answer: A
Explanation: Reference: https://docs.splunk.com/Documentation/Splunk/7.3.1/SearchReference/Search

Splunk apps are used for the following (Choose three.):
A. Designed to cater to numerous use cases and empower Splunk.
B. We cannot install a Splunk App.
C. Allows multiple workspaces for different use cases/user roles.
D. It is a collection of different Splunk config files like data inputs, UI and Knowledge Objects.

Fields are searchable key value pairs in your event data.
A. True
B. False
Answer: A

Which of the following is the best way to create a report that shows the last 24 hours of events?
A. Use earliest=-1d@d latest=@d
B. Set a real-time search over a 24-hour window
C. Use the time range picker to select “Yesterday”
D. Use the time range picker to select...