When an alert action is configured to run a script, Splunk must be able to locate the script. Which is one of the directories Splunk will look in to find the script?
A. $SPLUNK_HOME/bin/scripts
B. $SPLUNK_HOME/etc/scripts
C. $SPLUNK_HOME/bin/etc/scripts
D. $SPLUNK_HOME/etc/scripts/bin
Answer: A

All users by default have WRITE permission to ALL knowledge objects.
A. True
B. False
Answer: B

Which search matches the events containing the terms "error" and "fail"?
A. index=security Error Fail
B. index=security error OR fail
C. index=security “error failure”
D. index=security NOT error NOT fail
Answer: A
Explanation: Reference: https://docs.splunk.com/Documentation/Splunk/7.3.1/SearchReference/Search

Splunk apps are used for the following (Choose three.):
A. Designed to cater to numerous use cases and empower Splunk.
B. We can not install Splunk App.
C. Allows multiple workspaces for different use cases/user roles.
D. It is a collection of different Splunk config files like data inputs, UI and Knowledge Object.

Fields are searchable key value pairs in your event data.
A. True
B. False
Answer: A

Which of the following is the best way to create a report that shows the last 24 hours of events?
A. Use earliest=-1d@d latest=@d
B. Set a real-time search over a 24-hour window
C. Use the time range picker to select “Yesterday”
D. Use the time range picker to select...

This search will return 20 results. SEARCH: error | top host limit = 20
A. True
B. False
Answer: A

When running searches, command modifiers in the search string are displayed in what color?
A. Red
B. Blue
C. Orange
D. Highlighted
Answer: B

Search Assistant is enabled by default in the SPL editor with compact settings.
A. No
B. Yes
Answer: B

When viewing the results of a search, what is an Interesting Field?
A. A field that appears in any event
B. A field that appears in every event
C. A field that appears in the top 10 events
D. A field that appears in at least 20% of the events