In automatic lookup definitions, the _____ fields are those that are not in the event data.
A. input
B. output
Answer: B

Which of the following are not true about lookups? (Select all that apply.)
A. Lookups can be time based
B. Search results can be used to populate a lookup table
C. Splunk DB Connect can be used to populate a lookup table from relational databases
D. Output from a script...

When viewing the results of a search, what is an Interesting Field?
A. A field that appears in any event
B. A field that appears in every event
C. A field that appears in the top 10 events
D. A field that appears in at least 20% of the events

Which of the following are common constraints of the top command?
A. limit, count
B. limit, showpercent
C. limits, countfield
D. showperc, countfield
Answer: B

The stats command will create a _____________ by default.
A. Table
B. Report
C. Pie chart
Answer: A

Which of the following fields is stored with the events in the index?
A. user
B. source
C. location
D. sourcelp
Answer: B

It is not possible for a single instance of Splunk to manage the input, parsing and indexing of machine data.
A. True
B. False
Answer: B

Creating Data Models: Fields associated with a data set are known as ______.
A. Attributes
B. Constraints
Answer: A

In the Splunk interface, the list of alerts can be filtered based on which characteristics?
A. App, Owner, Severity, and Type
B. App, Owner, Priority, and Status
C. App, Dashboard, Severity, and Type
D. App, Time Window, Type, and Severity
Answer: D

What is the correct syntax to count the number of events containing a vendor_action field?
A. count stats vendor_action
B. count stats (vendor_action)
C. stats count (vendor_action)
D. stats vendor_action (count)
Answer: C
Explanation: The stats command calculates statistics based on fields in the events. The count function counts the...