When placed early in a search, which command is most effective at reducing search execution time?
A. dedup
B. rename
C. sort -
D. fields +
Answer: D

In automatic lookup definitions, the _____ fields are those that are not in the event data.
A. input
B. output
Answer: B

According to Splunk best practices, which placement of the wildcard results in the most efficient search?
A. f*il
B. *fail
C. fail*
D. *fail*
Answer: C

When viewing the results of a search, what is an Interesting Field?
A. A field that appears in any event
B. A field that appears in every event
C. A field that appears in the top 10 events
D. A field that appears in at least 20% of the events

What is the purpose of using a by clause with the stats command?
A. To group the results by one or more fields.
B. To compute numerical statistics on each field.
C. To specify how the values in a list are delimited.
D. To partition the input data based on...

What does the stats command do?
A. Automatically correlates related fields
B. Converts field values into numerical values
C. Calculates statistics on data that matches the search criteria
D. Analyzes numerical fields for their ability to predict another discrete field
Answer: C

36. Lookups can be private for a user.
A. True
B. False
Answer: A

Splunk Components: Which of the following are responsible for parsing incoming data and storing data on disc?
A. forwarders
B. indexers
C. search heads
Answer: B

Which statement is true about the top command?
A. It returns the top 10 results
B. It displays the output in table format
C. It returns the count and percent columns per row
D. All of the above
Answer: D

What can be configured using the Edit Job Settings menu?
A. Export the results to CSV format
B. Add the Job results to a dashboard
C. Schedule the Job to re-run in 10 minutes
D. Change Job Lifetime from 10 minutes to 7 days.
Answer: D