By default, which of the following fields would be listed in the fields sidebar under Interesting Fields?
A. host
B. index
C. source
D. sourcetype
Answer: D
Explanation: The fields sidebar in Splunk shows the default fields and the interesting fields for the events that match your search. The default...

Which search string is the most efficient?
A. "failed password"
B. "failed password"*
C. index=* "failed password"
D. index=security "failed password"
Answer: D

Use this command to use lookup fields in a search and see the lookup fields in the field sidebar.
A. inputlookup
B. lookup
Answer: B

Which command automatically returns percent and count columns when executing searches?
A. top
B. stats
C. table
D. percent
Answer: A

Which of the following searches will show the number of categoryId used by each host?
A. Sourcetype=access_* |sum bytes by host
B. Sourcetype=access_* |stats sum(categoryId) by host
C. Sourcetype=access_* |sum(bytes) by host
D. Sourcetype=access_* |stats sum by host
Answer: B

When looking at a dashboard panel that is based on a report, which of the following is true?
A. You can modify the search string in the panel, and you can change and configure the visualization.
B. You can modify the search string in the panel, but you cannot change...

It is not possible for a single instance of Splunk to manage the input, parsing and indexing of machine data.
A. True
B. False
Answer: B

Splunk Components: Which of the following are responsible for reducing search results?
A. search heads
B. indexers
C. forwarders
Answer: B

Which of the following are common constraints of the top command?
A. limit, count
B. limit, showpercent
C. limits, countfield
D. showperc, countfield
Answer: B

It is not possible for a single instance of Splunk to manage the input, parsing and indexing of machine data.
A. True
B. False
Answer: B