11 Questions
Which search string will only return events from host WWW3?
host=WWW3
By default, how long does Splunk retain a search job?
10 Minutes
What must be done before an automatic lookup can be created? (Choose all that apply.)
The lookup definition must be created.
Which of the following Splunk components typically resides on the machines where data originates?
Forwarder
What determines the scope of data that appears in a scheduled report?
The timeframe specified in the scheduled report settings determines the scope of data.
When writing searches in Splunk, which of the following is true about Booleans?
They must be uppercase.
Which of the following searches would return events with failure in index netfw or warn or critical in index netops?
(index=netfw failure) OR (index=netops (warn OR critical))
Select the answer that displays the accurate placing of the pipe in the following search string: index=security sourcetype=access_* status=200 stats count by price.
index=security sourcetype=access_* status=200 | stats count by price
Which of the following constraints can be used with the top command?
limit
When editing a dashboard, which of the following are possible options? (Choose all that apply.)
Modify the chart type displayed in a dashboard panel.
When running searches, command modifiers in the search string are displayed in what color?
Orange
Test your knowledge of Splunk search queries and default settings with this quiz. From filtering events by host to understanding retention periods for search jobs, this quiz covers various aspects of using Splunk for data analysis.