Splunk Search and Retention Quiz

Which search string returns events only from hostWWW3?

By default, how long does Splunk retain a search job?

What is required before an automatic lookup can be created? (Choose all that apply.)

Which of the following Splunk components typically resides on the machines where data originates?

What is the purpose of regularly scheduled archiving in Splunk?

After running a search in Splunk, what effect does clicking and dragging across the timeline have?

Which command is used to review the contents of a specified static lookup file in Splunk?

In order to use a lookup table in Splunk, what must be done?

When sorting on multiple fields with the sort command in Splunk, what delimiter can be used between the field names in the search?

Which time range picker configuration in Splunk would return real-time events for the past 30 seconds?

When writing searches in Splunk, which of the following is true about Booleans?

Which of the following searches would return events with failure in index netfw or warn or critical in index netops?

Select the answer that displays the accurate placing of the pipe in the following search string: index=security sourcetype=access_* status=200 stats count by price

Which of the following constraints can be used with the top command?

When editing a dashboard, which of the following are possible options? (Choose all that apply.)

When running searches, command modifiers in the search string are displayed in what color?

Which of the following represents the Splunk recommended naming convention for dashboards?

How can search results be kept longer than 7 days?

Which of the following is a Splunk search best practice?