28 Questions
Which search string would only return events from hostWWW3?
host=WWW3
By default, how long does Splunk retain a search job?
10 Minutes
What must be done before an automatic lookup can be created? (Choose all that apply.)
The lookup definition must be created.
Which of the following Splunk components typically resides on the machines where data originates?
Forwarder
How can numerical statistics be computed on each field?
To partition the input data based on the split-by fields
How do you add or remove fields from search results?
Use fields + to add and fields ג€"to remove
What should you do if a field exists in search results but isn't being displayed in the fields sidebar?
Click All Fields and select the field to add it to Selected Fields
Which character denotes alphanumeric field values in the fields sidebar?
a
When configuring permissions for a report in Splunk, what are the options for the report to use at run time?
The User role or the owner's profile
When writing searches in Splunk, which of the following is true about Booleans?
They must be uppercase
Which search string would return events with failure in index netfw or warn or critical in index netops?
(index=netfw failure) OR (index=netops (warn OR critical))
Select the answer that displays the accurate placing of the pipe in the following search string: index=security sourcetype=access_* status=200 stats count by price
index=security sourcetype=access_* status=200 | stats count by price
Which constraint can be used with the top command in Splunk?
limit
When editing a dashboard in Splunk, which of the following are possible options? (Choose all that apply.)
Modify the chart type displayed in a dashboard panel
When running searches in Splunk, command modifiers in the search string are displayed in what color?
Orange
Which represents the Splunk recommended naming convention for dashboards?
Group_Object_Description
How can search results be kept longer than 7 days in Splunk?
By changing the job settings
Which of the following is a Splunk search best practice?
Filter as early as possible
What effect does clicking and dragging across the timeline have after running a search in Splunk?
Moves to past or future events.
Which command is used to review the contents of a specified static lookup file in Splunk?
inputlookup
What must be done in order to use a lookup table in Splunk?
The lookup file must be uploaded to Splunk and a lookup definition must be created.
When sorting on multiple fields with the sort command in Splunk, what delimiter can be used between the field names in the search?
,
Which time range picker configuration would return real-time events for the past 30 seconds in Splunk?
Real-time - Earliest: 30-seconds ago, Latest: Now
What is the correct syntax to count the number of events containing a vendor_action field in Splunk?
stats count (vendor_action)
What is one benefit of creating dashboard panels from reports in Splunk?
It makes the dashboard more efficient because it only has to run one search string.
By default, which of the following fields would be listed in the fields sidebar under interesting Fields in Splunk?
host
Which of the following statements about case sensitivity is true in Splunk?
Field names ARE case sensitive; field values are NOT.
What does the rare command do in Splunk?
Returns the least common field values of a given field in the results.
Test your knowledge about the effects of clicking and dragging across the timeline after running a search in Splunk. This quiz covers various effects such as executing a new search, filtering current search results, moving to past or future events, and expanding the time range of the search.
Make Your Own Quizzes and Flashcards
Convert your notes into interactive study material.
Get started for free
