Which search matches the events containing the terms "error" and "fail"?

A. index=security Error Fail
B. index=security error OR fail
C. index=security "error failure"
D. index=security NOT error NOT fail

Answer: A

Explanation: Keyword terms in SPL are case-insensitive, and terms written side by side are implicitly ANDed, so option A returns only events that contain both "error" and "fail". Option B returns events containing either term, option C requires the exact phrase "error failure", and option D excludes every event that contains either term. Reference: https://docs.splunk.com/Documentation/Splunk/7.3.1/SearchReference/Search

January 29, 2021

What result will you get with the following search: index=test sourcetype="The_Questionnaire_P*"?

A. the_questionnaire _pedia
B. the_questionnaire pedia
C. the_questionnaire_pedia
D. the_questionnaire Pedia

Answer: C

Explanation: The trailing * matches any characters after the prefix, and field values are matched case-insensitively, so the_questionnaire_pedia is returned. The other options contain a space where the pattern requires the underscore.

January 29, 2021

Which of the following is a metadata field assigned to every event in Splunk?

A. host
B. owner
C. bytes
D. action

Answer: A

Explanation: Splunk assigns the default metadata fields host, source, and sourcetype to every event at index time. owner, bytes, and action are not default fields. Reference: https://docs.splunk.com/Documentation/Splunk/8.0.3/Data/Assignmetadatatoeventsdynamically

January 29, 2021

Which of the following is a Splunk internal field?

A. _raw
B. host
C. _host
D. index

Answer: A

Explanation: Internal fields are prefixed with an underscore, for example _raw (the original event text) and _time. host and index are default fields rather than internal ones, and _host is a distractor.

January 29, 2021

Which of the following is a correct way to limit search results to display the 5 most common values of a field?

A. | rare top=5
B. | top rare=5
C. | top limit=5
D. | rare limit=5

Answer: C

Explanation: top returns the most common values of a field and rare the least common; the number of values shown is controlled by the limit option, so the form is | top limit=5 <field>.

January 29, 2021

Which component of Splunk lets you write an SPL query to find the required data?

A. Forwarders
B. Indexer
C. Heavy Forwarders
D. Search head

Answer: D

Explanation: The search head is where users write and run SPL searches. Forwarders collect and send data, and indexers store it.

January 29, 2021

What is the purpose of using a by clause with the stats command?

A. To group the results by one or more fields.
B. To compute numerical statistics on each field.
C. To specify how the values in a list are delimited.
D. To partition the input data based on...

January 28, 2021

Which search string is the most efficient?

A. "failed password"
B. "failed password"*
C. index=* "failed password"
D. index=security "failed password"

Answer: D

Explanation: Naming a single index restricts the search to that index's buckets before any terms are evaluated, so option D reads the least data. index=* in option C scans every index, options A and B specify no index at all and fall back to the user's default search indexes, and the trailing wildcard in option B only widens the match further.

January 28, 2021
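The difference between the four options in the "error" and "fail" question above, and the index-scoping point in this one, can be made concrete with a small model of SPL keyword matching. The Python below is an added example written for this page, not Splunk code: the events are constructed, and the tokenisation and phrase matching only approximate what Splunk does at index time (terms split on non-alphanumerics, lower-cased, matched whole).

```python
import re
from typing import List, Optional, Sequence, Tuple

# Constructed sample events, not real Splunk data: (index, _raw).
EVENTS: List[Tuple[str, str]] = [
    ("security", "sshd[4211]: Failed password for root from 10.0.0.5 port 22 ssh2"),
    ("security", "app[77]: ERROR database connection FAIL, retrying"),
    ("security", "app[77]: error parsing config, continuing"),
    ("security", "app[78]: job fail: timeout after 30s"),
    ("security", "app[79]: error failure in module auth"),
    ("web", "nginx: GET /index.html 200"),
    ("web", "sshd[9001]: Failed password for admin from 192.0.2.9 port 22 ssh2"),
]


def terms(raw: str) -> set:
    """Approximation of index-time tokenisation: split _raw on anything that is not
    alphanumeric or underscore and lower-case it. Keyword search is case-insensitive
    and matches whole terms, so 'fail' does not match 'failed'."""
    return set(re.findall(r"[a-z0-9_]+", raw.lower()))


def has_phrase(raw: str, phrase: str) -> bool:
    """A quoted phrase requires its terms to appear adjacent and in order."""
    words = phrase.lower().split()
    seq = re.findall(r"[a-z0-9_]+", raw.lower())
    return any(seq[i:i + len(words)] == words for i in range(len(seq) - len(words) + 1))


def search(index: str = "*", all_terms: Sequence[str] = (), any_terms: Sequence[str] = (),
           not_terms: Sequence[str] = (), phrase: Optional[str] = None) -> Tuple[List[str], int]:
    """Evaluate one simplified SPL search over EVENTS.

    index     : 'security' restricts which events are read at all; '*' reads every index.
    all_terms : bare terms written side by side, implicitly ANDed.
    any_terms : terms joined with OR; at least one must be present.
    not_terms : each NOT term excludes events containing that term.
    phrase    : a quoted "multi word" phrase.
    Returns (matching _raw strings, number of events scanned).
    """
    hits: List[str] = []
    scanned = 0
    for idx, raw in EVENTS:
        if index != "*" and idx != index:
            continue  # index scoping: these events are never read
        scanned += 1
        toks = terms(raw)
        if not all(t.lower() in toks for t in all_terms):
            continue
        if any_terms and not any(t.lower() in toks for t in any_terms):
            continue
        if any(t.lower() in toks for t in not_terms):
            continue
        if phrase is not None and not has_phrase(raw, phrase):
            continue
        hits.append(raw)
    return hits, scanned


# The four options from the "error" and "fail" question.
def option_a() -> Tuple[List[str], int]:
    return search("security", all_terms=("Error", "Fail"))          # both terms, any case


def option_b() -> Tuple[List[str], int]:
    return search("security", any_terms=("error", "fail"))          # either term


def option_c() -> Tuple[List[str], int]:
    return search("security", phrase="error failure")               # exact phrase


def option_d() -> Tuple[List[str], int]:
    return search("security", not_terms=("error", "fail"))          # neither term


def scoped_vs_unscoped() -> Tuple[Tuple[List[str], int], Tuple[List[str], int]]:
    """index=* "failed password" versus index=security "failed password"."""
    return search("*", phrase="failed password"), search("security", phrase="failed password")


if __name__ == "__main__":
    for name, fn in (("A", option_a), ("B", option_b), ("C", option_c), ("D", option_d)):
        hits, scanned = fn()
        print(f"option {name}: {len(hits)} hit(s) out of {scanned} scanned")
    (u_hits, u_scanned), (s_hits, s_scanned) = scoped_vs_unscoped()
    print(f"index=*        : {len(u_hits)} hit(s), {u_scanned} events scanned")
    print(f"index=security : {len(s_hits)} hit(s), {s_scanned} events scanned")
```

Running it shows option A matching only the one event that carries both terms, option B matching four, and the phrase and NOT forms matching one each; the scoped search reads five events instead of seven for the same single hit, which is the whole reason index=security "failed password" is the efficient form.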

Which component of Splunk is primarily responsible for saving data?

A. Search Head
B. Heavy Forwarder
C. Indexer
D. Universal Forwarder

Answer: C

Explanation: The indexer parses incoming data and writes it to disk as indexes. Universal and heavy forwarders collect and send data, and the search head runs searches against the indexers.

January 28, 2021

When an alert action is configured to run a script, Splunk must be able to locate the script. Which is one of the directories Splunk will look in to find the script?

A. $SPLUNK_HOME/bin/scripts
B. $SPLUNK_HOME/etc/scripts
C. $SPLUNK_HOME/bin/etc/scripts
D. $SPLUNK_HOME/etc/scripts/bin

Answer: A

Explanation: Splunk looks for alert scripts in $SPLUNK_HOME/bin/scripts or in an app's $SPLUNK_HOME/etc/apps/<app>/bin/scripts directory. Because these scripts run with the privileges of the account that runs splunkd, write access to those directories should be restricted to administrators.

January 28, 2021