SPLK-1001 V1

When looking at a dashboard panel that is based on a report, which of the following is true?A . You can modify the search string in the panel, and you can change and configure the visualization.B . You can modify the search string in the panel, but you cannot change...

Which of the following index searches would provide the most efficient search performance?A . index=*B . index=web OR index=s*C . (index=web OR index=sales)D . *index=sales AND index=web*View AnswerAnswer: C

By default, how long does Splunk retain a search job?A . 10 MinutesB . 15 MinutesC . 1 DayD . 7 DaysView AnswerAnswer: A

This function of the stats command allows you to return the middle-most value of field X.A . Median(X)B . Eval by XC . Fields(X)D . Values(X)View AnswerAnswer: A

36. Lookups can be private for a user.A . TrueB . FalseView AnswerAnswer: A

Which command automatically returns percent and count columns when executing searches?A . topB . statsC . tableD . percentView AnswerAnswer: A

Which of the following are functions of the stats command?A . count, sum, addB . count, sum, lessC . sum, avg, valuesD . sum, values, tableView AnswerAnswer: C

This search will return 20 results. SEARCH: error | top host limit = 20A . TrueB . FalseView AnswerAnswer: A

In automatic lookup definitions, the _____ fields are those that are not in the event data.A . inputB . outputView AnswerAnswer: B

It is mandatory for the lookup file to have this for an automatic lookup to work.A . Source typeB . At least five columnsC . TimestampD . Input filedView AnswerAnswer: D