SPLK-1001

How do you add or remove fields from search results?A . Use field +to add and field -to remove.B . Use table +to add and table -to remove.C . Use fields +to add and fields Cto remove.D . Use fields Plus to add and fields Minus to remove.View AnswerAnswer: C

You can also specify a time range in the search bar. You can use the following for beginning and ending for a time range (Choose two.):A . Not possible to specify time manually in Search queryB . end=C . start=D . earliest=E . latest=View AnswerAnswer: D,E

Which of the following statements describes a search job?A . Once a search job begins, it cannot be stoppedB . A search job can only be paused when less than 50% of events are returnedC . A search job can only be stopped when less than 50% of events are...

What determines the scope of data that appears in a scheduled report?A . All data accessible to the User role will appear in the report.B . All data accessible to the owner of the report will appear in the report.C . All data accessible to all users will appear in...

How does Splunk determine which fields to extract from data?A . Splunk only extracts the most interesting data from the last 24 hours.B . Splunk only extracts fields users have manually specified in their data.C . Splunk automatically extracts any fields that generate interesting visualizations.D . Splunk automatically discovers many...

Data summary button just below the search bar gives you the following (Choose three.):A . HostsB . SourcetypesC . SourcesD . IndexesView AnswerAnswer: A,B,D

Which symbol is used to snap the time?A . @B . &C . *D . #View AnswerAnswer: A

Interesting fields are the fields that have at least 20% of resulting fields.A . TrueB . FalseView AnswerAnswer: A

There are three different search modes in Splunk (Choose three.):A . AutomaticB . SmartC . FastD . VerboseView AnswerAnswer: B,C,D

The stats command will create a _____________ by default.A . TableB . ReportC . Pie chartView AnswerAnswer: A