SPLK-1001 exam

Splunk Components: Which of the following are responsible for reducing search results?A . search headsB . indexersC . forwardersView AnswerAnswer: B

Which events will be returned by the following search string? host=www3 status=503A . All events that either have a host of www3 or a status of 503.B . All events with a host of www3 that also have a status of 503C . We need more information: we cannot tell...

Which search string matches only events with the status_code of 4:4?A . status_code !=404B . status_code>=400C . status_code<=404D . status code>403 status_code<405View AnswerAnswer: D

In automatic lookup definitions, the _____ fields are those that are not in the event data.A . inputB . outputView AnswerAnswer: B

Which of the following are not true about lookups? (Select all that apply.)A . Lookups can be time basedB . Search results can be used to populate a lookup tableC . Splunk DB Connect can be used to populate a lookup table from relational databasesD . Output from a script...

When viewing the results of a search, what is an Interesting Field?A . A field that appears in any eventB . A field that appears in every eventC . A field that appears in the top 10 eventsD . A field that appears in at least 20% of the eventsView...

Which of the following are common constraints of the top command?A . limit, countB . limit, showpercentC . limits, countfieldD . showperc, countfieldView AnswerAnswer: B

The stats command will create a _____________ by default.A . TableB . ReportC . Pie chartView AnswerAnswer: A

Which of the following fields is stored with the events in the index?A . userB . sourceC . locationD . sourcelpView AnswerAnswer: B

It is no possible for a single instance of Splunk to manage the input, parsing and indexing of machine data.A . TrueB . FalseView AnswerAnswer: B