Splunk Search and Retention Quiz

Questions and Answers

Which search string returns events only from host WWW3?

  • host=*
  • host=WWW*
  • host=WWW3 (correct)
  • Host=WWW3

By default, how long does Splunk retain a search job?

  • 15 Minutes
  • 10 Minutes (correct)
  • 1 Day
  • 7 Days

What is required before an automatic lookup can be created? (Choose all that apply.)

  • The lookup file must be verified using the inputlookup command.
  • The lookup file must be uploaded to Splunk. (correct)
  • The lookup definition must be created. (correct)
  • The lookup command must be used.

Which of the following Splunk components typically resides on the machines where data originates?

Answer: Forwarder (D)

What is the purpose of regularly scheduled archiving in Splunk?

Answer: not preserved in the source (the listed answer repeats the answer to the timeline question below)

After running a search in Splunk, what effect does clicking and dragging across the timeline have?

Answer: It filters the events list to the events in the selected time range; the search is not re-run until you click Zoom to Selection.

Which command is used to review the contents of a specified static lookup file in Splunk?

Answer: inputlookup (C)

In order to use a lookup table in Splunk, what must be done?

Answer: The lookup file must be uploaded to Splunk and a lookup definition must be created (B)
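The lookup workflow behind the three questions above, written out as SPL. This is an added example, not part of the quiz: the lookup file `threat_ips.csv` (columns `src_ip`, `category`), the lookup definition `threat_ips` built from it, and the firewall index and field names are all assumed.

```spl
| inputlookup threat_ips.csv

index=netfw sourcetype=fw_log
| lookup threat_ips src_ip AS src OUTPUT category AS threat_category
| search threat_category=*
| stats count BY src, threat_category
| sort -count
```

The first search only reviews the uploaded file (it runs with no events, hence the leading pipe). The second enriches firewall events through the lookup definition, keeps the matches, and counts them. The automatic-lookup form of the same join is configuration rather than a search: a `[threat_ips]` stanza with `filename = threat_ips.csv` in transforms.conf (the lookup definition), plus a `LOOKUP-threat = threat_ips src_ip AS src OUTPUT category AS threat_category` line under the `[fw_log]` sourcetype stanza in props.conf; without the definition there is nothing for the automatic lookup to reference.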

When sorting on multiple fields with the sort command in Splunk, what delimiter can be used between the field names in the search?

Answer: , (C)

Which time range picker configuration in Splunk would return real-time events for the past 30 seconds?

Answer: Real-time, Earliest: 30 seconds ago, Latest: Now (C)

When writing searches in Splunk, which of the following is true about Booleans?

Answer: They must be uppercase (AND, OR, NOT).

Which of the following searches would return events with failure in index netfw or warn or critical in index netops?

Answer: (index=netfw failure) OR (index=netops (warn OR critical)) (D)

Select the answer that displays the accurate placing of the pipe in the following search string: index=security sourcetype=access_* status=200 stats count by price

Answer: index=security sourcetype=access_* status=200 | stats count by price (D)

Which of the following constraints can be used with the top command?

Answer: limit (C)

When editing a dashboard, which of the following are possible options? (Choose all that apply.)

Answer: Modify the chart type displayed in a dashboard panel. (D)

When running searches, command modifiers in the search string are displayed in what color?

Answer: Orange (D)

Which of the following represents the Splunk recommended naming convention for dashboards?

Answer: Group_Object_Description (A)

How can search results be kept longer than 7 days?

Answer: By changing the job settings. (C)

Which of the following is a Splunk search best practice?

Answer: Filter as early as possible. (D)
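The search-writing rules the questions above test (filter in the first segment before the pipe, uppercase Booleans, parentheses to group terms, comma-separated fields in `sort` with `-`/`+` for direction, `limit` on `top`), applied to the quiz's own `netfw`/`netops` and `security` examples. Added example, not from the quiz: the field `product` and the `showperc` display choice are assumptions, the index, sourcetype and `price` names come from the questions.

```spl
(index=netfw failure) OR (index=netops (warn OR critical))
| stats count BY index, host
| sort -count, +host

index=security sourcetype=access_* status=200 product=*
| stats count, sum(price) AS revenue BY product
| sort -revenue, +product

index=security sourcetype=access_* status=200
| top limit=5 price showperc=false
```

Everything that narrows the event set (index, sourcetype, status, the field-exists test) sits before the first pipe so the indexers discard events early instead of handing them to `stats`. Lowercase `or`/`and` would be treated as literal search terms, not operators, which is why the Boolean question matters. Field names are case-sensitive (`Host=WWW3` matches nothing), while field values are matched case-insensitively.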
