SPLK-1001

Following are the time selection option while making search: (Choose all that apply.)A . Date & Time RangeB . AdvancedC . Date RangeD . PresetsE . RelativeView AnswerAnswer: B

Splunk apps are used for following (Choose three.):A . Designed to cater numerous use cases and empower Splunk.B . We can not install Splunk App.C . Allows multiple workspaces for different use cases/user roles.D . It is collection of different Splunk config files like data inputs, UI and Knowledge Object.View...

Fields are searchable key value pairs in your event data.A . TrueB . FalseView AnswerAnswer: A

Prefix wildcards might cause performance issues.A . FalseB . TrueView AnswerAnswer: B

When sorting on multiple fields with the sort command, what delimiter can be used between the field names in the search?A . |B . $C . !D . ,View AnswerAnswer: D

Field values are case sensitive.A . TrueB . FalseView AnswerAnswer: B

NOT status = 100:A . Will display result depending on the data.B . Will return event where status field exist but value of that field is not 100.C . Will return event where status field exist but value of that field is not 100 and all events where status field...

What kind of logs can Splunk Index?A . Only A, BB . Router and Switch LogsC . Firewall and Web Server LogsD . Only CE . Database logsF . All firewall, web server, database, router and switch logsView AnswerAnswer: F

All components are installed and administered in Splunk Enterprise on-premise.A . TrueB . FalseView AnswerAnswer: A

Which of the following is the best way to create a report that shows the last 24 hours of events?A . Use earliest=-1d@d latest=@dB . Set a real-time search over a 24-hour windowC . Use the time range picket to select “Yesterday”D . Use the time range picker to select...