SPLK-1001 exam

This search will return 20 results. SEARCH: error | top host limit = 20A . TrueB . FalseView AnswerAnswer: A

Use this command to use lookup fields in a search and see the lookup fields in the field sidebar.A . inputlookupB . lookupView AnswerAnswer: B

Select the correct option that applies to Index time processing (Choose three.).A . IndexingB . SearchingC . ParsingD . SettingsE . InputView AnswerAnswer: A,C,E

The default host name used in Inputs general settings can not be changed.A . FalseB . TrueView AnswerAnswer: A

What is the primary use for the rare command1?A . To sort field values in descending orderB . To return only fields containing five or fewer valuesC . To find the least common values of a field in a datasetD . To find the fields with the fewest number of...

Assuming a user has the capability to edit reports, which of the following are editable?A . Acceleration, schedule, permissionsB . The report’s name, schedule, permissionsC . The report’s name, acceleration, scheduleD . The report’s name, acceleration, permissionsView AnswerAnswer: A Explanation: Reference: https://docs.splunk.com/Documentation/Splunk/8.0.3/Report/Createandeditreports

Which Boolean operator is always implied between two search terms, unless otherwise specified?A . ORB . NOTC . ANDD . XORView AnswerAnswer: C

@ Symbol can be used in advanced time unit option.A . NoB . YesView AnswerAnswer: B

When running searches command modifiers in the search string are displayed in what color?A . RedB . BlueC . OrangeD . HighlightedView AnswerAnswer: C

Which search string only returns events from hostWWW3?A . host=WWW3B . host=WWW*C . Host=WWW3View AnswerAnswer: B