Question 1

Select the correct option that applies to Index time processing (Choose three.) .

Accepted Answer

A)   Indexing
B)   Searching
C)   Parsing
D)   Settings
E)   InputF) A) and E)
G) C) and E)

Question 2

What must be done in order to use a lookup table in Splunk?

Accepted Answer

A)   The lookup must be configured to run automatically.
B)   The contents of the lookup file must be copied and pasted into the search bar.
C)   The lookup file must be uploaded to Splunk and a lookup definition must be created.
D)   The lookup file must be uploaded to the etc/apps/lookups folder for automatic ingestion.E) A) and B)
F) All of the above

Question 3

What can be configured using the Edit Job Settings menu?

Accepted Answer

A)   Export the result to CSV format.
B)   Add the Job results to a dashboard.
C)   Schedule the Job to re-run in 10 minutes.
D)   Change Job Lifetime from 10 minutes to 7 days.E) None of the above
F) C) and D)

Question 4

What does the stats command do?

Accepted Answer

A)   Automatically correlates related fields.
B)   Converts field values into numerical values.
C)   Calculates statistics on data that matches the search criteria.
D)   Analyzes numerical fields for their ability to predict another discrete field.E) A) and D)
F) None of the above

Question 5

Which of the following index searches would provide the most efficient search performance?

Accepted Answer

A)   index=*
B)   index=web OR index=s*
C)   (index=web OR index=sales) 
D)   *index=sales AND index=web*E) C) and D)
F) B) and D)

Question 6

A field exists in search results, but isn't being displayed in the fields sidebar. How can it be added to the fields sidebar?

Accepted Answer

A)   Click All Fields and select the field to add it to Selected Fields.
B)   Click Interesting Fields and select the field to add it to Selected Fields.
C)   Click Selected Fields and select the field to add it to Interesting Fields.
D)   This scenario isn't possible because all fields returned from a search always appear in the fields sidebar.E) A) and C)
F) A) and D)

Question 7

What are the steps to schedule a report?

Accepted Answer

A)   After saving the report, click Schedule.
B)   After saving the report, click Event Type.
C)   After saving the report, click Scheduling.
D)   After saving the report, click Dashboard Panel.E) All of the above
F) None of the above

Question 8

We should use heavy forwarder for sending event-based data to Indexers.

Accepted Answer

A) True 
 B)False

Question 9

Data summary button just below the search bar gives you the following (Choose three.) :

Accepted Answer

A)   Hosts
B)   Sourcetypes
C)   Sources
D)   IndexesE) B) and C)
F) A) and D)

Question 10

Prefix wildcards might cause performance issues.

Accepted Answer

A) True 
 B)False

Question 11

You can use the following options to specify start and end time for the query range:

Accepted Answer

A)   earliest=
B)   latest=
C)   beginning=
D)   ending=
E)   All the aboveF)  Only 3rd and 4thG) A) and B)
H) C) and D)

Question 12

Uploading local files though Upload options index the file only once.

Accepted Answer

A)   No
B)   YesC) A) and B)
D) undefined

Question 13

Log filtering/parsing can be done from _____________.

Accepted Answer

A)   Index Forwarders (IF) 
B)   Universal Forwarders (UF) 
C)   Super Forwarder (SF) 
D)   Heavy Forwarders (HF) E) B) and C)
F) A) and D)

Question 14

By default, which of the following fields would be listed in the fields sidebar under interesting Fields?

Accepted Answer

A)   host
B)   index
C)   source
D)   sourcetypeE) A) and B)
F) A) and C)

Question 15

Which search string is the most efficient?

Accepted Answer

A)   "failed password"
B)   "failed password"*
C)   index=* "failed password"
D)   index=security "failed password"E) C) and D)
F) A) and B)

Question 16

What user interface component allows for time selection?

Accepted Answer

A)   Time summary
B)   Time range picker
C)   Search time picker
D)   Data source time statisticsE) A) and B)
F) B) and D)

Question 17

In the fields sidebar, which character denotes alphanumeric field values?

Accepted Answer

A)   #
B)   %
C)   a
D)   a#E) A) and C)
F) All of the above

Question 18

What is the correct syntax to count the number of events containing a vendor_action field?

Accepted Answer

A)   count stats vendor_action
B)   count stats (vendor_action) 
C)   stats count (vendor_action) 
D)   stats vendor_action (count) E) A) and B)
F) None of the above

Question 19

What type of search can be saved as a report?

Accepted Answer

A)   Any search can be saved as a report.
B)   Only searches that generate visualizations.
C)   Only searches containing a transforming command.
D)   Only searches that generate statistics or visualizations.E) A) and D)
F) A) and C)

Question 20

Which Boolean operator is always implied between two search terms, unless otherwise specified?

Accepted Answer

A)   OR
B)   NOT
C)   AND
D)   XORE) A) and D)
F) A) and C)

Exam 1: Splunk Core Certified User

What user interface component allows for time selection?

Correct AnswerverifiedShow Answer

Which Boolean operator is always implied between two search terms, unless otherwise specified?

Correct AnswerverifiedShow Answer

Uploading local files though Upload options index the file only once.

Correct AnswerverifiedShow Answer

What type of search can be saved as a report?

Correct AnswerverifiedShow Answer

Which of the following index searches would provide the most efficient search performance?

Correct AnswerverifiedShow Answer

What are the steps to schedule a report?

Correct AnswerverifiedShow Answer

Prefix wildcards might cause performance issues.

Correct AnswerverifiedShow Answer

In the fields sidebar, which character denotes alphanumeric field values?

Correct AnswerverifiedShow Answer

What can be configured using the Edit Job Settings menu?

Correct AnswerverifiedShow Answer

A field exists in search results, but isn't being displayed in the fields sidebar. How can it be added to the fields sidebar?

Correct AnswerverifiedShow Answer

We should use heavy forwarder for sending event-based data to Indexers.

Correct AnswerverifiedShow Answer

Data summary button just below the search bar gives you the following (Choose three.) :

Correct AnswerverifiedShow Answer

What must be done in order to use a lookup table in Splunk?

Correct AnswerverifiedShow Answer

You can use the following options to specify start and end time for the query range:

Correct AnswerverifiedShow Answer

Which search string is the most efficient?

Correct AnswerverifiedShow Answer

Log filtering/parsing can be done from _____________.

Correct AnswerverifiedShow Answer

Select the correct option that applies to Index time processing (Choose three.) .

Correct AnswerverifiedShow Answer

What does the stats command do?

Correct AnswerverifiedShow Answer

What is the correct syntax to count the number of events containing a vendor_action field?

Correct AnswerverifiedShow Answer

By default, which of the following fields would be listed in the fields sidebar under interesting Fields?

Correct AnswerverifiedShow Answer

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified