Which of the following is a Splunk search best practice?

Which of the following is a Splunk search best practice?A . Filter as early as possible.B . Never specify more than one index.C . Include as few search terms as possible.D . Use wildcards to return more search results.View AnswerAnswer: A

August 22, 2019 No Comments READ MORE +

When writing searches in Splunk, which of the following is true about Booleans?

When writing searches in Splunk, which of the following is true about Booleans?A . They must be lowercase.B . They must be uppercase.C . They must be in quotations.D . They must be in parentheses.View AnswerAnswer: D Explanation: Reference: https://docs.splunk.com/Documentation/Splunk/7.2.6/Search/Booleanexpressions

August 20, 2019 3 Comments READ MORE +

When displaying results of a search, which of the following is true about line charts?

When displaying results of a search, which of the following is true about line charts?A . Line charts are optimal for single and multiple series.B . Line charts are optimal for single series when using Fast mode.C . Line charts are optimal for multiple series with 3 or more columns.D...

August 18, 2019 No Comments READ MORE +

Which of the following searches would return events with failure in index netfw or warn or criticalin index netops?

Which of the following searches would return events with failure in index netfw or warn or criticalin index netops?A . (index=netfw failure) AND index=netops warn OR criticalB . (index=netfw failure) OR (index=netops (warn OR critical))C . (index=netfw failure) AND (index=netops (warn OR critical))D . (index=netfw failure) OR index=netops OR (warn...

August 15, 2019 No Comments READ MORE +

When looking at a dashboard panel that is based on a report, which of the following is true?

When looking at a dashboard panel that is based on a report, which of the following is true?A . You can modify the search string in the panel, and you can change and configure the visualization.B . You can modify the search string in the panel, but you cannot change...

August 11, 2019 No Comments READ MORE +

What must be done before an automatic lookup can be created? (select all that apply)

What must be done before an automatic lookup can be created? (select all that apply)A . The lookup command must be used.B . The lookup definition must be created.C . The lookup file must be uploaded to Splunk.D . The lookup file must be verified using the inputlookup command.View AnswerAnswer:...

August 7, 2019 No Comments READ MORE +

What determines the scope of data that appears in a scheduled report?

What determines the scope of data that appears in a scheduled report?A . All data accessible to the User role will appear in the report.B . All data accessible to the owner of the report will appear in the report.C . All data accessible to all users will appear in...

August 6, 2019 No Comments READ MORE +

Which of the following is true about user account settings and preferences?

Which of the following is true about user account settings and preferences?A . Search & Reporting is the only app that can be set as the default application.B . Full names can only be changed by accounts with a Power User or Admin role.C . Time zones are automatically updated...

August 2, 2019 1 Comment READ MORE +