Question 1

Which of the following are functions of the stats command?

Accepted Answer

A)   count, sum, add
B)   count, sum, less
C)   sum, avg, values
D)   sum, values, table

Question 2

Interesting fields are the fields that have at least 20% of resulting fields.

Accepted Answer

A) True 
 B)False

Question 3

Field names are case sensitive and field value are not.

Accepted Answer

A) True 
 B)False

Question 4

What is the purpose of using a by clause with the stats command?

Accepted Answer

A)   To group the results by one or more fields.
B)   To compute numerical statistics on each field.
C)   To specify how the values in a list are delimited.
D)   To partition the input data based on the split-by fields.

Question 5

Fields are searchable key value pairs in your event data.

Accepted Answer

A) True 
 B)False

Question 6

You can change the App context in Input setting.

Accepted Answer

A)   No
B)   Yes

Question 7

Which statement describes field discovery at search time?

Accepted Answer

A)   Splunk automatically discovers only numeric fields
B)   Splunk automatically discovers only alphanumeric fields
C)   Splunk automatically discovers only manually configured fields
D)   Splunk automatically discovers only fields directly related to the search results

Question 8

Fields are searchable name and value pairings that differentiates one event from another.

Accepted Answer

A) True 
 B)False

Question 9

At the time of searching the start time is 03:35:08. Will it look back to 03:00:00 if we use -30m@h in searching?

Accepted Answer

A)   Yes
B)   No

Question 10

Which of the following are common constraints of the top command?

Accepted Answer

A)   limit, count
B)   limit, showpercent
C)   limits, countfield
D)   showperc, countfield

Question 11

Which of the following is the most efficient search?

Accepted Answer

A)   index=* "failed password"
B)   "failed password" index=*
C)   (index=* OR index=security)  "failed password"
D)   index=security "failed password"

Question 12

When placed early in a search, which command is most effective at reducing search execution time?

Accepted Answer

A)   dedup
B)   rename
C)   sort -
D)   fields +

Question 13

Every Search in Splunk is also called _____________.

Accepted Answer

A)   None of the above
B)   Job
C)   Search Only

Question 14

Search Language Syntax in Splunk can be broken down into the following components. (Choose all that apply.)

Accepted Answer

A)   Search term
B)   Command
C)   Pipe
D)   Functions
E)   ArgumentsF)  Clause

Question 15

What result will you get with following search index=test sourcetype="The_Questionnaire_P*" ?

Accepted Answer

A)   the_questionnaire _pedia
B)   the_questionnaire pedia
C)   the_questionnaire_pedia
D)   the_questionnaire Pedia

Question 16

Which of the following is the recommended way to create multiple dashboards displaying data from the same search?

Accepted Answer

A)   Save the search as a report and use it in multiple dashboards as needed.
B)   Save the search as a dashboard panel for each dashboard that needs the data.
C)   Save the search as a scheduled alert and use it in multiple dashboards as needed.
D)   Export the results of the search to an XML file and use the file as the basis of the dashboards.

Question 17

When viewing results of a search job from the Activity menu, which of the following is displayed?

Accepted Answer

A)   New events based on the current time range picker
B)   The same events based on the current time range picker
C)   The same events from when the original search was executed
D)   New events in addition to the same events from the original search

Question 18

What is a primary function of a scheduled report?

Accepted Answer

A)   Auto-detect changes in performance.
B)   Auto-generated PDF reports of overall data trends.
C)   Regularly scheduled archiving to keep disk space use low.
D)   Triggering an alert in your Splunk instance when certain conditions are met.

Question 19

!= and NOT are same arguments.

Accepted Answer

A) True 
 B)False

Question 20

How are events displayed after a search is executed?

Accepted Answer

A)   In chronological order.
B)   Randomly by default.
C)   In reverse chronological order.
D)   Alphabetically according to field name.

Exam 1: Splunk Core Certified User

Fields are searchable name and value pairings that differentiates one event from another.

Correct AnswerverifiedShow Answer

Search Language Syntax in Splunk can be broken down into the following components. (Choose all that apply.)

Correct AnswerverifiedShow Answer

How are events displayed after a search is executed?

Correct AnswerverifiedShow Answer

Which of the following are common constraints of the top command?

Correct AnswerverifiedShow Answer

Every Search in Splunk is also called _____________.

Correct AnswerverifiedShow Answer

When viewing results of a search job from the Activity menu, which of the following is displayed?

Correct AnswerverifiedShow Answer

Which statement describes field discovery at search time?

Correct AnswerverifiedShow Answer

Interesting fields are the fields that have at least 20% of resulting fields.

Correct AnswerverifiedShow Answer

At the time of searching the start time is 03:35:08. Will it look back to 03:00:00 if we use -30m@h in searching?

Correct AnswerverifiedShow Answer

Fields are searchable key value pairs in your event data.

Correct AnswerverifiedShow Answer

What is a primary function of a scheduled report?

Correct AnswerverifiedShow Answer

Which of the following is the most efficient search?

Correct AnswerverifiedShow Answer

When placed early in a search, which command is most effective at reducing search execution time?

Correct AnswerverifiedShow Answer

!= and NOT are same arguments.

Correct AnswerverifiedShow Answer

What is the purpose of using a by clause with the stats command?

Correct AnswerverifiedShow Answer

Which of the following is the recommended way to create multiple dashboards displaying data from the same search?

Correct AnswerverifiedShow Answer

You can change the App context in Input setting.

Correct AnswerverifiedShow Answer

Field names are case sensitive and field value are not.

Correct AnswerverifiedShow Answer

Which of the following are functions of the stats command?

Correct AnswerverifiedShow Answer

What result will you get with following search index=test sourcetype="The_Questionnaire_P*" ?

Correct AnswerverifiedShow Answer

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified