SPLK-1001 V2

Which of the following Splunk components typically resides on the machines where data originates?A . IndexerB . ForwarderC . Search headD . Deployment serverView AnswerAnswer: B

Clicking a SEGMENT on a chart, ________.A . drills down for that valueB . highlights the field value across the chartC . adds the highlighted value to the search criteriaView AnswerAnswer: A

This clause is used to group the output of a stats command by a specific name.A . RexB . AsC . ListD . ByView AnswerAnswer: D

This is what Splunk uses to categorize the data that is being indexed.A . HostB . SourcetypeC . IndexD . SourceView AnswerAnswer: B

Which search matches the events containing the terms "error" and "fail"?A . index=security Error FailB . index=security error OR failC . index=security “error failure”D . index=security NOT error NOT failView AnswerAnswer: B Explanation: In Splunk, search queries are case-insensitive by default, meaning that it doesn't matter whether you use uppercase...

All users by default have WRITE permission to ALL knowledge objects.A . TrueB . FalseView AnswerAnswer: B

Creating Data Models: Object ATTRIBUTES do not define ___________.A . a base search for the objectB . fields for the objectView AnswerAnswer: A

This function of the stats command allows you to return the sample standard deviation of a field.A . stdevB . devC . count deviationD . by standarddevView AnswerAnswer: A

What determines the scope of data that appears in a scheduled report?A . All data accessible to the User role will appear in the report.B . All data accessible to the owner of the report will appear in the report.C . All data accessible to all users will appear in...

When displaying results of a search, which of the following is true about line charts?A . Line charts are optimal for single and multiple series.B . Line charts are optimal for single series when using Fast mode.C . Line charts are optimal for multiple series with 3 or more columns.D...