SPLK-1001 exam

Matching search terms are highlighted.A . YesB . NoView AnswerAnswer: A

This function of the stats command allows you to return the middle-most value of field X.A . Median(X)B . Eval by XC . Fields(X)D . Values(X)View AnswerAnswer: A

Query - status != 100:A . Will return event where status field exist but value of that field is not 100.B . Will return event where status field exist but value of that field is not 100 and all events where status field doesn't exist.C . Will get different results...

Which Boolean operator is always implied between two search terms, unless otherwise specified?A . ORB . NOTC . ANDD . XORView AnswerAnswer: C

What happens when a field is added to the Selected Fields list in the fields sidebar'?A . Splunk will re-run the search job in Verbose Mode to prioritize the new Selected FieldB . Splunk will highlight related fields as a suggestion to add them to the Selected Fields list.C ....

Interesting fields are the fields that have at least 20% of resulting fields.A . TrueB . FalseView AnswerAnswer: A

What determines the scope of data that appears in a scheduled report?A . All data accessible to the User role will appear in the report.B . All data accessible to the owner of the report will appear in the report.C . All data accessible to all users will appear in...

Following are the time selection option while making search: (Choose all that apply.)A . Date & Time RangeB . AdvancedC . Date RangeD . PresetsE . RelativeView AnswerAnswer: B

Forward Option gather and forward data to indexers over a receiving port from remote machines.A . FalseB . TrueView AnswerAnswer: B

Select the correct option that applies to Index time processing (Choose three.).A . IndexingB . SearchingC . ParsingD . SettingsE . InputView AnswerAnswer: A,C,E