Questions and Answers
Which search string returns events only from host WWW3?
- host=*
- host=WWW*
- host=WWW3 (correct)
- Host=WWW3
By default, how long does Splunk retain a search job?
- 15 Minutes
- 10 Minutes (correct)
- 1 Day
- 7 Days
What is required before an automatic lookup can be created? (Choose all that apply.)
- The lookup file must be verified using the inputlookup command.
- The lookup file must be uploaded to Splunk.
- The lookup definition must be created. (correct)
- The lookup command must be used.
Which of the following Splunk components typically resides on the machines where data originates?
What is the purpose of regularly scheduled archiving in Splunk?
After running a search in Splunk, what effect does clicking and dragging across the timeline have?
Which command is used to review the contents of a specified static lookup file in Splunk?
In order to use a lookup table in Splunk, what must be done?
When sorting on multiple fields with the sort command in Splunk, what delimiter can be used between the field names in the search?
Which time range picker configuration in Splunk would return real-time events for the past 30 seconds?
When writing searches in Splunk, which of the following is true about Booleans?
Which of the following searches would return events with failure in index netfw or warn or critical in index netops?
Select the answer that displays the accurate placing of the pipe in the following search string: index=security sourcetype=access_* status=200 stats count by price
Which of the following constraints can be used with the top command?
When editing a dashboard, which of the following are possible options? (Choose all that apply.)
When running searches, command modifiers in the search string are displayed in what color?
Which of the following represents the Splunk recommended naming convention for dashboards?
How can search results be kept longer than 7 days?
Which of the following is a Splunk search best practice?