- All Exams Instant Download
Which of the following statements about case sensitivity is true?
Which of the following statements about case sensitivity is true?A . Both field names and field values ARE case sensitive.B . Field names ARE case sensitive; field values are NOD . Field values ARE case sensitive; field names ARE NOF . Both field names and field values ARE NOT case...
How does Splunk determine which fields to extract from data?
How does Splunk determine which fields to extract from data?A . Splunk only extracts the most interesting data from the last 24 hours.B . Splunk only extracts fields users have manually specified in their data.C . Splunk automatically extracts any fields that generate interesting visualizations.D . Splunk automatically discovers many...
How can it be added to the fields sidebar?
A field exists in search results, but isn’t being displayed in the fields sidebar. How can it be added to the fields sidebar?A . Click All Fields and select the field to add it to Selected Fields.B . Click Interesting Fields and select the field to add it to Selected...
Which stats command function provides a count of how many unique values exist for a given field in the result set?
Which stats command function provides a count of how many unique values exist for a given field in the result set?A . dc(field)B . count(field)C . count-by(field)D . distinct-count(field)View AnswerAnswer: A Explanation: Reference: https://docs.splunk.com/Documentation/Splunk/7.2.6/Search/Usethestatscommandandfunctions
Which of the following is a Splunk search best practice?
Which of the following is a Splunk search best practice?A . Filter as early as possible.B . Never specify more than one index.C . Include as few search terms as possible.D . Use wildcards to return more search results.View AnswerAnswer: A
When editing a dashboard, which of the following are possible options? (Choose all that apply.)
When editing a dashboard, which of the following are possible options? (Choose all that apply.)A . Add an output.B . Export a dashboard panel.C . Modify the chart type displayed in a dashboard panel.D . Drag a dashboard panel to a different location on the dashboard.View AnswerAnswer: C
Which is one of the directories Splunk will look in to find the script?
When an alert action is configured to run a script, Splunk must be able to locate the script. Which is one of the directories Splunk will look in to find the script?A . $SPLUNK_HOME/bin/scriptsB . $SPLUNK_HOME/etc/scriptsC . $SPLUNK_HOME/bin/etc/scriptsD . $SPLUNK_HOME/etc/scripts/binView AnswerAnswer: A Explanation: Reference: https://docs.splunk.com/Documentation/Splunk/7.2.6/Alert/Configuringscriptedalerts
What is the correct syntax to count the number of events containing a vendor_actionfield?
What is the correct syntax to count the number of events containing a vendor_actionfield?A . count stats vendor_actionB . count stats (vendor_action)C . stats count (vendor_action)D . stats vendor_action (count)View AnswerAnswer: C
Which statement is true about Splunk alerts?
Which statement is true about Splunk alerts?A . Alerts are based on searches that are either run on a scheduled interval or in real-time.B . Alerts are based on searches and when triggered will only send an email notification.C . Alerts are based on searches and require cron to run...
Which Boolean operator is always implied between two search terms, unless otherwise specified?
Which Boolean operator is always implied between two search terms, unless otherwise specified?A . ORB . NOTC . ANDD . XORView AnswerAnswer: C Explanation: Reference: https://docs.splunk.com/Documentation/Splunk/7.2.6/Search/Booleanexpressions
