SPLK-1001 exam

Which component of Splunk is primarily responsible for saving data?A . Search HeadB . Heavy ForwarderC . IndexerD . Universal ForwarderView AnswerAnswer: C

How do you add or remove fields from search results?A . Use field +to add and field -to remove.B . Use table +to add and table -to remove.C . Use fields +to add and fields Cto remove.D . Use fields Plus to add and fields Minus to remove.View AnswerAnswer: C

The default host name used in Inputs general settings can not be changed.A . FalseB . TrueView AnswerAnswer: A

What does the stats command do?A . Automatically correlates related fieldsB . Converts field values into numerical valuesC . Calculates statistics on data that matches the search criteriaD . Analyzes numerical fields for their ability to predict another discrete fieldView AnswerAnswer: C

Creating Data Models: Object ATTRIBUTES do not define ___________.A . a base search for the objectB . fields for the objectView AnswerAnswer: A

It is mandatory for the lookup file to have this for an automatic lookup to work.A . Source typeB . At least five columnsC . TimestampD . Input filedView AnswerAnswer: D

Which component of Splunk let us write SPL query to find the required data?A . ForwardersB . IndexerC . Heavy ForwardersD . Search headView AnswerAnswer: D

Which search string is the most efficient?A . "failed password"B . ''failed password"*C . index=* "failed password"D . index=security "failed password"View AnswerAnswer: D

Which of the following statements are correct about Search & Reporting App? (Choose three.)A . Can be accessed by Apps > Search & Reporting.B . Provides default interface for searching and analyzing logs.C . Enables the user to create knowledge object, reports, alerts and dashboards.D . It only gives us...

Which of the following index searches would provide the most efficient search performance?A . index=*B . index=web OR index=s*C . (index=web OR index=sales)D . *index=sales AND index=web*View AnswerAnswer: C