SPLK-1001

Which Boolean operator is always implied between two search terms, unless otherwise specified?A . ORB . NOTC . ANDD . XORView AnswerAnswer: C

@ Symbol can be used in advanced time unit option.A . NoB . YesView AnswerAnswer: B

When running searches command modifiers in the search string are displayed in what color?A . RedB . BlueC . OrangeD . HighlightedView AnswerAnswer: C

Which search string only returns events from hostWWW3?A . host=WWW3B . host=WWW*C . Host=WWW3View AnswerAnswer: B

Which of the following Splunk components typically resides on the machines where data originates?A . IndexerB . ForwarderC . Search headD . Deployment serverView AnswerAnswer: B

Fields are searchable name and value pairings that differentiates one event from another.A . FalseB . TrueView AnswerAnswer: B

When a Splunk search generates calculated data that appears in the Statistics tab. in what formats can the results be exported?A . CSV, JSON, PDFB . CSV, XML JSONC . Raw Events, XML, JSOND . Raw Events, CSV, XML, JSONView AnswerAnswer: B

Put query into separate lines where | (Pipes) are used by selecting following options.A . CTRL + EnterB . Shift + EnterC . Space + EnterD . ALT + EnterView AnswerAnswer: B

How to make Interesting field into a selected field?A . Click field in field sidebar -> click YES on the pop-up dialog on upper right side -> check now field should be visible in the list of selected fields.B . Not possible.C . Only CLI changes will enable it.D ....

Creating Data Models: Fields associated with a data set are known as ______.A . AttributesB . ConstraintsView AnswerAnswer: A