Splunk Search Queries and Settings Quiz

Questions and Answers

Which search string will only return events from hostWWW3?

• host=WWW3 (correct)
• Host=WWW3
• host=WWW*
• host=*

By default, how long does Splunk retain a search job?

• 10 Minutes (correct)
• 15 Minutes
• 1 Day
• 7 Days

What must be done before an automatic lookup can be created? (Choose all that apply.)

• The lookup command must be used.
• The lookup file must be uploaded to Splunk.
• The lookup definition must be created. (correct)
• The lookup file must be verified using the inputlookup command.

Which of the following Splunk components typically resides on the machines where data originates?

Forwarder (D)

What determines the scope of data that appears in a scheduled report?

The timeframe specified in the scheduled report settings determines the scope of data. (A)

When writing searches in Splunk, which of the following is true about Booleans?

They must be uppercase. (B)

Which of the following searches would return events with failure in index netfw or warn or critical in index netops?

(index=netfw failure) OR (index=netops (warn OR critical)) (C)

Select the answer that displays the accurate placing of the pipe in the following search string: index=security sourcetype=access_* status=200 stats count by price.

index=security sourcetype=access_* status=200 | stats count by price (D)

Which of the following constraints can be used with the top command?

limit (C)

When editing a dashboard, which of the following are possible options? (Choose all that apply.)

Modify the chart type displayed in a dashboard panel. (A)

When running searches, command modifiers in the search string are displayed in what color?

Orange (C)