When sorting on multiple fields with the sort command, what delimiter can be used between the field names in the search?
A. |
B. $
C. !
D. ,
Answer: D
Field values are case sensitive.
A. True
B. False
Answer: B
NOT status = 100:
A. Will display results depending on the data.
B. Will return events where the status field exists but the value of that field is not 100.
C. Will return events where the status field exists but the value of that field is not 100 and all events where status field...
What kind of logs can Splunk Index?
A. Only A, B
B. Router and Switch Logs
C. Firewall and Web Server Logs
D. Only C
E. Database logs
F. All firewall, web server, database, router and switch logs
Answer: F
All components are installed and administered in Splunk Enterprise on-premise.
A. True
B. False
Answer: A
Which of the following is the best way to create a report that shows the last 24 hours of events?
A. Use earliest=-1d@d latest=@d
B. Set a real-time search over a 24-hour window
C. Use the time range picker to select “Yesterday”
D. Use the time range picker to select...
What must be done before an automatic lookup can be created? (select all that apply)
A. The lookup command must be used.
B. The lookup definition must be created.
C. The lookup file must be uploaded to Splunk.
D. The lookup file must be verified using the inputlookup command.
Answer:...
Universal forwarder is recommended for forwarding the logs to indexers.
A. False
B. True
Answer: B
Creating Data Models:
Object ATTRIBUTES do not define ___________.
A. a base search for the object
B. fields for the object
Answer: A
What is a primary function of a scheduled report?
A. Auto-detect changes in performance
B. Auto-generated PDF reports of overall data trends
C. Regularly scheduled archiving to keep disk space use low
D. Triggering an alert in your Splunk instance when certain conditions are met
Answer: D