SPLK-1001 exam

Beginning parentheses is automatically highlighted to guide you on the presence of complimenting parentheses.A . NoB . YesView AnswerAnswer: B

Use this command to use lookup fields in a search and see the lookup fields in the field sidebar.A . inputlookupB . lookupView AnswerAnswer: B

What is the primary use for the rare command1?A . To sort field values in descending orderB . To return only fields containing five or fewer valuesC . To find the least common values of a field in a datasetD . To find the fields with the fewest number of...

How to make Interesting field into a selected field?A . Click field in field sidebar -> click YES on the pop-up dialog on upper right side -> check now field should be visible in the list of selected fields.B . Not possible.C . Only CLI changes will enable it.D ....

Which search will return the 15 least common field values for the dest_ip field?A . sourcetype=firewall | rare num=15 dest_ipB . sourcetype=firewall | rare last=15 dest_ipC . sourcetype=firewall | rare count=15 dest_ipD . sourcetype=firewall | rare limit=15 dest_ipView AnswerAnswer: C Explanation: Reference: https://answers.splunk.com/answers/41928/add-a-lookup-csv-colum-information-to-the-results-ofa-inputlookup-search.html

Prefix wildcards might cause performance issues.A . FalseB . TrueView AnswerAnswer: B

When a Splunk search generates calculated data that appears in the Statistics tab. in what formats can the results be exported?A . CSV, JSON, PDFB . CSV, XML JSONC . Raw Events, XML, JSOND . Raw Events, CSV, XML, JSONView AnswerAnswer: D

What user interface component allows for time selection?A . Time summaryB . Time range pickerC . Search time pickerD . Data source time statisticsView AnswerAnswer: B

Which of the following is a Splunk internal field?A . _rawB . hostC . _hostD . indexView AnswerAnswer: A

All components are installed and administered in Splunk Enterprise on-premise.A . TrueB . FalseView AnswerAnswer: A