By default, which of the following fields would be listed in the fields sidebar under Interesting Fields?
A. host
B. index
C. source
D. sourcetype
Answer: A
Reference: https://answers.splunk.com/answers/185864/selected-fields-in-fields-side-bar.html

Which search would return events from the access_combined sourcetype?
A. Sourcetype=access_combined
B. Sourcetype=Access_Combined
C. sourcetype=Access_Combined
D. SOURCETYPE=access_combined
Answer: A

In the Splunk interface, the list of alerts can be filtered based on which characteristics?
A. App, Owner, Severity, and Type
B. App, Owner, Priority, and Status
C. App, Dashboard, Severity, and Type
D. App, Time Window, Type, and Severity
Answer: D
Reference: https://docs.splunk.com/Documentation/Splunk/7.2.6/Alert/Reviewtriggeredalerts

After running a search, what effect does clicking and dragging across the timeline have?
A. Executes a new search.
B. Filters current search results.
C. Moves to past or future events.
D. Expands the time range of the search.
Answer: C
Reference: https://docs.splunk.com/Documentation/Splunk/7.2.6/Search/Usethetimeline

Which time range picker configuration would return real-time events for the past 30 seconds?
A. Preset - Relative: 30-seconds ago
B. Relative - Earliest: 30-seconds ago, Latest: Now
C. Real-time - Earliest: 30-seconds ago, Latest: Now
D. Advanced - Earliest: 30-seconds ago, Latest: Now
Answer: C
Reference: https://docs.splunk.com/Documentation/Splunk/7.2.6/Search/Selecttimerangestoapply

When looking at a dashboard panel that is based on a report, which of the following is true?
A. You can modify the search string in the panel, and you can change and configure the visualization.
B. You can modify the search string in the panel, but you cannot change...

When displaying results of a search, which of the following is true about line charts?
A. Line charts are optimal for single and multiple series.
B. Line charts are optimal for single series when using Fast mode.
C. Line charts are optimal for multiple series with 3 or more columns.
D...

What does the rare command do?
A. Returns the least common field values of a given field in the results.
B. Returns the most common field values of a given field in the results.
C. Returns the top 10 field values of a given field in the results.
D. Returns...

Which of the following searches will return results where fail, 400, and error exist in every event?
A. error AND (fail AND 400)
B. error OR (fail and 400)
C. error AND (fail OR 400)
D. error OR fail OR 400
Answer: C

When placed early in a search, which command is most effective at reducing search execution time?
A. dedup
B. rename
C. sort
D. fields +
Answer: A