Splunk Search Queries and Job Lifetimes Quiz

What is the correct search string to only return events from hostWWW3?

host=WWW3

How long does Splunk retain a search job by default?

10 Minutes

What must be done before an automatic lookup can be created? (Choose all that apply.)

The lookup definition must be created.

Which of the following Splunk components typically resides on the machines where data originates?

Forwarder Signup and view all the answers

What determines the scope of data that appears in a scheduled report?

All data accessible to the owner of the report will appear in the report. Signup and view all the answers

What effect does clicking and dragging across the timeline have after running a search in Splunk?

Moves to past or future events. Signup and view all the answers

Which command is used to review the contents of a specified static lookup file in Splunk?

inputlookup Signup and view all the answers

What must be done in order to use a lookup table in Splunk?

The lookup file must be uploaded to Splunk and a lookup definition must be created. Signup and view all the answers

When sorting on multiple fields with the sort command in Splunk, what delimiter can be used between the field names in the search?

, Signup and view all the answers

Which time range picker configuration would return real-time events for the past 30 seconds in Splunk?

Real-time - Earliest: 30-seconds ago, Latest: Now Signup and view all the answers

Which of the following is true about Booleans when writing searches in Splunk?

They must be uppercase. Signup and view all the answers

In Splunk, which search string would return events with failure in index netfw or warn or critical in index netops?

(index=netfw failure) OR (index=netops (warn OR critical)) Signup and view all the answers

Select the answer that displays the accurate placing of the pipe in the following search string: index=security sourcetype=access_* status=200 stats count by price

index=security sourcetype=access_* status=200 | stats count by price Signup and view all the answers

Which of the following constraints can be used with the top command in Splunk?

limit Signup and view all the answers

When editing a dashboard in Splunk, which of the following are possible options? (Choose all that apply.)

Modify the chart type displayed in a dashboard panel. Signup and view all the answers

When running searches, command modifiers in the search string are displayed in what color?

Orange Signup and view all the answers

How can search results be kept longer than 7 days in Splunk?

By changing the job settings. Signup and view all the answers

Which of the following is a Splunk search best practice?

Filter as early as possible. Signup and view all the answers

'When looking at a dashboard panel that is based on a report, which of the following is true?'

You cannot modify the search string in the panel, but you can change and configure the visualization. Signup and view all the answers

Which of the following represents the Splunk recommended naming convention for dashboards?

Group_Object_Description Signup and view all the answers

What is a primary function of a scheduled report in Splunk?

Auto-generated PDF reports of overall data trends. Signup and view all the answers