SPLK-2001 exam

How can indexer acknowledgement be enabled for HTTP Event Collector (HEC)? (Select all that apply.)A . No need to do anything, it is turned on by default.B . When a REST request is sent to create a token, the property for indexer acknowledgement must be set to 1.C . When...

Which of the following statements describe oneshot searches? (Select all that apply.)A . Are always executed asynchronously.B . Can specify csv as an output format.C . Stream all results upon search completion.D . Can use auto_cancel to set a timeout limit.View AnswerAnswer: BC Explanation: Reference: https://dev.splunk.com/enterprise/docs/devtools/java/sdk-java/howtousesdkjava/howtoworkjobjava/

Assuming permissions are set appropriately, which REST endpoint path can be used by someone with a power user role to access information about mySearch, a saved search owned by someone with a user role?A . /servicesNS/-/data/saved/searches/mySearchB . /servicesNS/object/saved/searches/mySearchC . /servicesNS/search/saved/searches/mySearchD . /servicesNS/-/search/saved/searches/mySearchView AnswerAnswer: D Explanation: Reference: https://docs.splunk.com/Documentation/Splunk/8.1.2/RESTUM/RESTusing

Which of the following is an example of a Splunk KV store use case? (Select all that apply.)A . Stores checkpoint data for modular inputs.B . Tracks workflow in an incident-review system.C . Indexes metrics data from remote HTTP sources.D . Stores application state as a user interacts with an...

After updating a dashboard in myApp, a Splunk admin moves myApp to a different Splunk instance. After logging in to the new instance, the dashboard is not seen. What could have happened? (Select all that apply.)A . The dashboard’s permissions were set to private.B . User role permissions are different...

There is a global search named “global_search” defined on a form as shown below: <search id=“global_search”> <query> index-_internal source-*splunkd.log | stats count by component, log_level </query> </search> Which of the following would be a valid post-processing search? (Select all that apply.)A . | tstats countB . sourcetype=mysourcetypeC . stats sum(count)...

Which of the following are benefits from using Simple XML Extensions? (Select all that apply.)A . Add custom layouts.B . Add custom graphics.C . Add custom behaviors.D . Limit Splunk license consumption based on host.View AnswerAnswer: AC Explanation: Reference: https://dev.splunk.com/enterprise/docs/developapps/visualizedata/usewebframework/modifydashboards/

In order to successfully accelerate a report, which criteria must the search meet? (Select all that apply.)A . Cannot use event sampling.B . Use a transforming command.C . Use a standard Splunk visualization.D . Commands before the first transforming command must be streamable.View AnswerAnswer: ABD Explanation: Reference: https://docs.splunk.com/Documentation/Splunk/8.1.2/Knowledge/Manageacceleratedsearchsummaries

Which of the following are ways to get a list of search jobs? (Select all that apply.)A . Access Activity > Jobs with Splunk Web.B . Use Splunk REST to query the /services/search/jobs endpoint.C . Use Splunk REST to query the /services/saved/searches endpoint.D . Use Splunk REST to query the...

Which of the following is true of a namespace?A . The namespace is a type of token filter.B . The namespace includes an app attribute which cannot be a wildcard.C . The namespace filters the knowledge objects returned by the REST APE . The namespace does not filter knowledge objects...