Which of the following is a Splunk search best practice?
Which of the following is a Splunk search best practice?A . Filter as early as possible.B . Never specify more than one index.C . Include as few search terms as possible.D . Use wildcards to return more search results.View AnswerAnswer: A
When writing searches in Splunk, which of the following is true about Booleans?
When writing searches in Splunk, which of the following is true about Booleans?A . They must be lowercase.B . They must be uppercase.C . They must be in quotations.D . They must be in parentheses.View AnswerAnswer: D Explanation: Reference: https://docs.splunk.com/Documentation/Splunk/7.2.6/Search/Booleanexpressions
When displaying results of a search, which of the following is true about line charts?
When displaying results of a search, which of the following is true about line charts?A . Line charts are optimal for single and multiple series.B . Line charts are optimal for single series when using Fast mode.C . Line charts are optimal for multiple series with 3 or more columns.D...
Which of the following searches would return events with failure in index netfw or warn or criticalin index netops?
Which of the following searches would return events with failure in index netfw or warn or criticalin index netops?A . (index=netfw failure) AND index=netops warn OR criticalB . (index=netfw failure) OR (index=netops (warn OR critical))C . (index=netfw failure) AND (index=netops (warn OR critical))D . (index=netfw failure) OR index=netops OR (warn...
When looking at a dashboard panel that is based on a report, which of the following is true?
When looking at a dashboard panel that is based on a report, which of the following is true?A . You can modify the search string in the panel, and you can change and configure the visualization.B . You can modify the search string in the panel, but you cannot change...
What must be done before an automatic lookup can be created? (select all that apply)
What must be done before an automatic lookup can be created? (select all that apply)A . The lookup command must be used.B . The lookup definition must be created.C . The lookup file must be uploaded to Splunk.D . The lookup file must be verified using the inputlookup command.View AnswerAnswer:...
What determines the scope of data that appears in a scheduled report?
What determines the scope of data that appears in a scheduled report?A . All data accessible to the User role will appear in the report.B . All data accessible to the owner of the report will appear in the report.C . All data accessible to all users will appear in...
Which of the following is true about user account settings and preferences?
Which of the following is true about user account settings and preferences?A . Search & Reporting is the only app that can be set as the default application.B . Full names can only be changed by accounts with a Power User or Admin role.C . Time zones are automatically updated...