
Splunk Core Certified User SPLK-1001 Real Exam Questions and Answers FREE Updated on Sep 29, 2021
SPLK-1001 Ultimate Study Guide - SureTorrent
NEW QUESTION 135
In the Splunk interface, the list of alerts can be filtered based on which characteristics?
- A. App, Time Window, Type, and Severity
- B. App, Owner, Severity, and Type
- C. App, Dashboard, Severity, and Type
- D. App, Owner, Priority, and Status
Answer: B
Explanation:
The Alerts listing and the Triggered Alerts page can both be filtered by App, Owner, Severity, and Alert type (scheduled or real-time). Reference: https://docs.splunk.com/Documentation/Splunk/7.2.6/Alert/Reviewtriggeredalerts
NEW QUESTION 136
When an alert action is configured to run a script, Splunk must be able to locate the script. Which is one of the directories Splunk will look in to find the script?
- A. $SPLUNK_HOME/etc/scripts
- B. $SPLUNK_HOME/bin/scripts
- C. $SPLUNK_HOME/etc/scripts/bin
- D. $SPLUNK_HOME/bin/etc/scripts
Answer: B
Explanation:
Splunk runs alert scripts from $SPLUNK_HOME/bin/scripts or from an app's bin/scripts directory ($SPLUNK_HOME/etc/apps/<app>/bin/scripts); scripts placed elsewhere are not executed. Reference: https://docs.splunk.com/Documentation/Splunk/7.2.6/Alert/Configuringscriptedalerts
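A scripted alert action in practice, as an added example rather than code from the study guide or from Splunk: Splunk invokes the script with eight positional arguments, and the argument positions below follow the "Configuring scripted alerts" documentation for 7.x. The saved-search name, search terms and query string are free text set by whoever can edit the alert, so the script treats them as untrusted input and never passes them to a shell. The results file is a gzipped CSV; the sample rows, the host names and the URL splunk.example are constructed for the dry run and are not real output.

```python
"""Scripted alert action for Splunk, as an added example (not Splunk's own code).

Splunk looks for the script in $SPLUNK_HOME/bin/scripts or in an app's
bin/scripts directory and passes eight positional arguments; the positions
below follow the "Configuring scripted alerts" documentation for 7.x:
  argv[1]  number of events returned
  argv[2]  search terms
  argv[3]  fully qualified query string
  argv[4]  name of the saved search
  argv[5]  trigger reason
  argv[6]  browser URL to view the saved search
  argv[7]  not used
  argv[8]  path to the gzipped CSV file holding the results
"""
import csv
import gzip
import os
import sys
import tempfile
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class AlertArgs:
    event_count: int
    search_terms: str
    query: str
    saved_search: str
    trigger_reason: str
    results_url: str
    results_path: str


def parse_alert_args(argv: List[str]) -> AlertArgs:
    """Validate Splunk's positional arguments before using any of them.

    Only argv[1] has a fixed shape. The search name, terms and query are free
    text chosen by whoever can edit the saved search, so they are treated as
    untrusted: keep them in Python variables, never interpolate them into a
    shell command line.
    """
    if len(argv) < 9:
        raise ValueError("expected 8 arguments from Splunk, got %d" % (len(argv) - 1))
    if not argv[1].isdigit():
        raise ValueError("event count is not numeric: %r" % argv[1])
    return AlertArgs(
        event_count=int(argv[1]),
        search_terms=argv[2],
        query=argv[3],
        saved_search=argv[4],
        trigger_reason=argv[5],
        results_url=argv[6],
        results_path=argv[8],
    )


def read_results(path: str) -> List[Dict[str, str]]:
    """Load the gzipped CSV results file Splunk hands to the script."""
    with gzip.open(path, "rt", newline="") as fh:
        return list(csv.DictReader(fh))


def count_by(rows: List[Dict[str, str]], field: str) -> Dict[str, int]:
    """Count result rows per value of `field` (e.g. per host)."""
    return dict(Counter(row.get(field, "") for row in rows))


def write_sample_results(path: str) -> None:
    """Write a constructed results file (not real Splunk output) for a dry run."""
    rows = [
        {"_time": "2021-09-29T10:00:01", "host": "www3", "status": "503"},
        {"_time": "2021-09-29T10:00:05", "host": "www3", "status": "503"},
        {"_time": "2021-09-29T10:00:09", "host": "www1", "status": "503"},
    ]
    with gzip.open(path, "wt", newline="") as fh:
        writer = csv.DictWriter(fh, fieldnames=["_time", "host", "status"])
        writer.writeheader()
        writer.writerows(rows)


def dry_run() -> Dict[str, int]:
    """Exercise the script against constructed arguments; returns the per-host tally."""
    path = os.path.join(tempfile.mkdtemp(), "results.csv.gz")
    write_sample_results(path)
    argv = ["alert.py", "3", "status=503", "search index=web status=503",
            "Web 503 spike", "Saved Search [Web 503 spike] number of events(3)",
            "https://splunk.example/app/search/alert", "", path]   # constructed
    args = parse_alert_args(argv)
    return count_by(read_results(args.results_path), "host")


def main(argv: List[str]) -> int:
    args = parse_alert_args(argv)
    per_host = count_by(read_results(args.results_path), "host")
    # Print only; a real action would hand this summary to a ticketing or paging API.
    print("alert %r fired (%s): %d events, per host %s"
          % (args.saved_search, args.trigger_reason, args.event_count, per_host))
    return 0


if __name__ == "__main__":
    if len(sys.argv) == 1:   # started by hand rather than by Splunk
        print(dry_run())
    else:
        sys.exit(main(sys.argv))
```

Drop the file into $SPLUNK_HOME/bin/scripts (or an app's bin/scripts), make it executable, and reference it by name in the alert action; run it with no arguments to exercise the dry run.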
NEW QUESTION 137
When sorting on multiple fields with the sort command, what delimiter can be used between the field names in the search?
- A. !
- B. S
- C. ,
- D. |
Answer: C
Explanation:
Field names given to sort are separated by commas, for example | sort -count, host.
NEW QUESTION 138
Which statement is true about Splunk alerts?
- A. Alerts are based on searches and when triggered will only send an email notification.
- B. Alerts are based on searches that are either run on a scheduled interval or in real-time
- C. Alerts are based on searches and require cron to run on scheduled interval
- D. Alerts are based on searches that are run exclusively as real-time
Answer: B
Explanation:
An alert is a saved search that runs either on a schedule or continuously in real time; the scheduler is built into Splunk (no external cron is needed), and a triggered alert can run several kinds of action, not only email.
NEW QUESTION 139
Snapping rounds down to the nearest specified unit.
- A. No
- B. Yes
Answer: B
NEW QUESTION 140
After running a search, what effect does clicking and dragging across the timeline have?
- A. Executes a new search.
- B. Moves to past or future events.
- C. Expands the time range of the search.
- D. Filters current search results.
Answer: D
Explanation:
Dragging across the timeline selects a time range and filters the current results to that range without running a new search; clicking Zoom to selection afterwards runs a new search over that range. Reference: https://docs.splunk.com/Documentation/Splunk/7.2.6/Search/Usethetimeline
NEW QUESTION 141
Search results can be displayed in which of the following formats? (Choose three.)
- A. Pie Chart
- B. Table
- C. List
- D. Raw
Answer: B,C,D
NEW QUESTION 142
When you type an opening parenthesis in the search bar, the matching closing parenthesis is highlighted so you can see that the parentheses are balanced.
- A. No
- B. Yes
Answer: B
NEW QUESTION 143
By default, which of the following is a Selected Field?
- A. clientip
- B. sourcetype
- C. categoryId
- D. action
Answer: B
Explanation:
host, source, and sourcetype are Selected Fields by default; other fields such as clientip, categoryId, or action appear under Selected Fields only after you add them.
NEW QUESTION 144
A time range can also be specified directly in the search bar. Which of the following set the beginning and the end of that range? (Choose two.)
- A. end=
- B. start=
- C. latest=
- D. Not possible to specify time manually in Search query
- E. earliest=
Answer: C,E
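The two questions above (snapping and earliest=/latest=) are easier to reason about with a model of how Splunk resolves relative time modifiers. The following is an added example that reimplements a subset of the modifier syntax in Python; it is not Splunk's parser, and the reference time SAMPLE_NOW is a constructed value. The order of operations it encodes is the documented one: an offset is applied first, then the @ snap rounds down to the start of the unit, then any trailing offset is applied.

```python
"""Splunk-style relative time modifiers, as an added example (not Splunk code).

Models the subset of the syntax used in earliest=/latest=:
  now                        the current time
  -1d, +30m, -2h             offset: signed integer, then unit s/m/h/d/w
  @s @m @h @d @w0..@w6 @mon  snap: round DOWN to the start of the unit
  -1d@d, @d-2h               offset then snap, or snap then offset
Spelled-out units, month offsets and quarters are left out of this model.
"""
import re
from datetime import datetime, timedelta
from typing import Tuple

_MOD = re.compile(
    r"^(?P<off>[+-]\d+[smhdw])?"
    r"(?:@(?P<snap>mon|w[0-6]?|[smhd]))?"
    r"(?P<post>[+-]\d+[smhdw])?$"
)
_UNIT = {"s": "seconds", "m": "minutes", "h": "hours", "d": "days", "w": "weeks"}

# Constructed reference time for the examples: Wednesday 2021-09-29 14:37:22.
SAMPLE_NOW = datetime(2021, 9, 29, 14, 37, 22)


def _offset(dt: datetime, spec: str) -> datetime:
    n, unit = int(spec[:-1]), spec[-1]
    return dt + timedelta(**{_UNIT[unit]: n})


def snap(dt: datetime, unit: str) -> datetime:
    """Round dt DOWN to the beginning of `unit`; 14:37 @h is 14:00, never 15:00."""
    if unit == "s":
        return dt.replace(microsecond=0)
    if unit == "m":
        return dt.replace(second=0, microsecond=0)
    if unit == "h":
        return dt.replace(minute=0, second=0, microsecond=0)
    if unit == "d":
        return dt.replace(hour=0, minute=0, second=0, microsecond=0)
    if unit == "mon":
        return dt.replace(day=1, hour=0, minute=0, second=0, microsecond=0)
    if unit.startswith("w"):
        # @w and @w0 are Sunday, @w1 Monday ... @w6 Saturday (Splunk numbering).
        target = int(unit[1:]) if len(unit) > 1 else 0
        py_weekday = (target + 6) % 7            # convert to Python's Monday=0
        back = (dt.weekday() - py_weekday) % 7   # days to go back, 0..6
        return snap(dt - timedelta(days=back), "d")
    raise ValueError("unknown snap unit %r" % unit)


def resolve(modifier: str, now: datetime) -> datetime:
    """Turn a relative time modifier into an absolute datetime."""
    if modifier == "now":
        return now
    m = _MOD.match(modifier) if modifier else None
    if m is None:
        raise ValueError("bad time modifier %r" % modifier)
    dt = now
    if m.group("off"):
        dt = _offset(dt, m.group("off"))
    if m.group("snap"):
        dt = snap(dt, m.group("snap"))
    if m.group("post"):
        if not m.group("snap"):
            raise ValueError("a second offset is only allowed after a snap: %r" % modifier)
        dt = _offset(dt, m.group("post"))
    return dt


def time_window(earliest: str, latest: str, now: datetime) -> Tuple[datetime, datetime]:
    """Resolve an earliest=/latest= pair as typed in the search bar."""
    start, end = resolve(earliest, now), resolve(latest, now)
    if start > end:
        raise ValueError("earliest %s is after latest %s" % (start, end))
    return start, end


if __name__ == "__main__":
    for mod in ("-15m", "@h", "-1d@d", "@w0", "@d-2h", "@mon"):
        print("%-8s -> %s" % (mod, resolve(mod, SAMPLE_NOW)))
    print(time_window("-24h@h", "now", SAMPLE_NOW))
```

Note that earliest=-24h@h latest=now gives a window that starts on an hour boundary and so is slightly longer than 24 hours; that is the snap rounding down, which is what makes scheduled searches land on stable boundaries.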
NEW QUESTION 145
Which of the following index searches would provide the most efficient search performance?
- A. index=sales AND index=web
- B. (index=web OR index=sales)
- C. index=web OR index=s*
- D. index=*
Answer: B
Explanation:
Naming the indexes explicitly keeps the search confined to those buckets; a wildcard in the index name or index=* makes Splunk scan every index the user can read.
NEW QUESTION 146
When looking at a dashboard panel that is based on a report, which of the following is true?
- A. You cannot modify the search string in the panel, but you can change and configure the visualization.
- B. You cannot modify the search string in the panel, and you cannot change and configure the visualization.
- C. You can modify the search string in the panel, and you can change and configure the visualization.
- D. You can modify the search string in the panel, but you cannot change and configure the visualization.
Answer: A
Explanation:
A report-based panel takes its search from the report, so the search string is edited on the report rather than in the panel; the panel's visualization, however, can be changed and configured independently. Reference: https://docs.splunk.com/Documentation/Splunk/7.2.6/Viz/WorkingWithDashboardPanels
NEW QUESTION 147
Which of the following can be used as a wildcard in a Splunk search?
- A. *
- B. !
- C.
- D. >
Answer: A
NEW QUESTION 148
Which component of Splunk is primarily responsible for saving data?
- A. Universal Forwarder
- B. Search Head
- C. Indexer
- D. Heavy Forwarder
Answer: C
NEW QUESTION 149
Parsing of data can happen on both a heavy forwarder (HF) and an indexer.
- A. No
- B. Yes
- C. Only HF
Answer: B
NEW QUESTION 150
What does the rare command do?
- A. Returns the most common field values of a given field in the results.
- B. Returns the least common field values of a given field in the results.
- C. Returns the lowest 10 field values of a given field in the results.
- D. Returns the top 10 field values of a given field in the results.
Answer: B
Explanation:
Explanation/Reference: https://docs.splunk.com/Documentation/Splunk/7.2.6/SearchReference/Rare
NEW QUESTION 151
Which search string only returns events from host WWW3?
- A. host=WWW*
- B. host=WWW3
- C. Host=WWW3
Answer: B
Explanation:
Field names are case-sensitive, so Host=WWW3 matches nothing; field values are not, so host=WWW3 matches www3. host=WWW* also returns WWW1, WWW2 and any other host whose name starts with WWW.
NEW QUESTION 152
Which events will be returned by the following search string?
host=www3 status=503
- A. All events that either have a host of www3 or a status of 503.
- B. We need more information: we cannot tell without knowing the time range
- C. All events with a host of www3 that also have a status of 503
- D. We need more information a search cannot be run without specifying an index
Answer: C
Explanation:
Terms separated by whitespace are implicitly ANDed, so both conditions must hold. When no index is named the search runs against the user's default indexes.
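The behaviour tested in the last three questions (the * wildcard, case-sensitive field names versus case-insensitive values, and implicit AND) is shown below by a toy evaluator written for this page; it is an added example, not Splunk's search engine, and it also handles OR, NOT and parentheses. SAMPLE_EVENTS is constructed data.

```python
"""A toy evaluator for basic Splunk search syntax, as an added example.

Models the rules the questions above rely on, not Splunk's engine:
  - terms separated by whitespace are implicitly ANDed
  - OR, AND, NOT (upper case) and parentheses are honoured
  - field=value: the field NAME is case-sensitive, the VALUE is not
  - * is a wildcard in values and in bare keywords
  - a bare keyword matches anywhere in _raw, case-insensitively
"""
import re
from typing import Dict, List

Event = Dict[str, str]

_TOKEN = re.compile(r'\(|\)|[^\s()"=]+="[^"]*"|"[^"]*"|[^\s()]+')


def _glob(pattern: str, text: str) -> bool:
    """Match with * as the only wildcard, ignoring case."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, text, re.IGNORECASE) is not None


class _Parser:
    def __init__(self, text: str):
        self.toks = _TOKEN.findall(text)
        self.pos = 0

    def _peek(self):
        return self.toks[self.pos] if self.pos < len(self.toks) else None

    def _next(self):
        tok = self._peek()
        self.pos += 1
        return tok

    def parse(self):
        node = self._or()
        if self._peek() is not None:
            raise ValueError("unexpected token %r" % self._peek())
        return node

    def _or(self):
        left = self._and()
        while self._peek() == "OR":
            self._next()
            left = ("or", left, self._and())
        return left

    def _and(self):
        left = self._unary()
        while self._peek() not in (None, ")", "OR"):   # adjacency means AND
            if self._peek() == "AND":
                self._next()
            left = ("and", left, self._unary())
        return left

    def _unary(self):
        tok = self._next()
        if tok is None:
            raise ValueError("unexpected end of search")
        if tok == "NOT":
            return ("not", self._unary())
        if tok == "(":
            node = self._or()
            if self._next() != ")":
                raise ValueError("missing )")
            return node
        if "=" in tok and not tok.startswith('"'):
            field, value = tok.split("=", 1)
            return ("field", field, value.strip('"'))
        return ("kw", tok.strip('"'))


def _eval(node, ev: Event) -> bool:
    kind = node[0]
    if kind == "and":
        return _eval(node[1], ev) and _eval(node[2], ev)
    if kind == "or":
        return _eval(node[1], ev) or _eval(node[2], ev)
    if kind == "not":
        return not _eval(node[1], ev)
    if kind == "field":
        _, field, value = node
        # Field names are case-sensitive: Host=... never looks at host.
        return field in ev and _glob(value, ev[field])
    _, word = node
    return _glob("*" + word + "*", ev.get("_raw", ""))


def search(query: str, events: List[Event]) -> List[Event]:
    """Return the events matching `query`."""
    tree = _Parser(query).parse()
    return [ev for ev in events if _eval(tree, ev)]


# Constructed sample events (not real data).
SAMPLE_EVENTS: List[Event] = [
    {"_raw": "www3 GET /login 503", "host": "www3", "status": "503"},
    {"_raw": "www3 GET /index 200", "host": "www3", "status": "200"},
    {"_raw": "www1 GET /login 503", "host": "www1", "status": "503"},
    {"_raw": "db1 SELECT failed", "host": "db1", "status": "500"},
]

if __name__ == "__main__":
    for q in ("host=WWW3", "host=WWW*", "Host=WWW3", "host=www3 status=503"):
        print("%-22s -> %d events" % (q, len(search(q, SAMPLE_EVENTS))))
```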
NEW QUESTION 153
Which of the following is a correct way to limit search results to display the 5 most common values of a field?
- A. | top rare=5
- B. | rare limit=5
- C. | rare top=5
- D. | top limit=5
Answer: D
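The difference between rare (question 150) and top with a limit (question 153) is easiest to see by reimplementing both over a list of events. This is an added example written for this page, not Splunk's implementation; it mirrors the count and percent columns the two commands emit, and SAMPLE_EVENTS is constructed data.

```python
"""`top` and `rare` over a list of events, as an added example (not Splunk code).

Both return one row per distinct value of a field with `count` and `percent`
(share of the events that carry the field); top lists the most common values
first, rare the least common, and `limit` caps the rows (0 means no cap, as in
Splunk's limit=0).
"""
from collections import Counter
from typing import Dict, List, Tuple

Event = Dict[str, str]
Row = Dict[str, object]


def _tally(events: List[Event], field: str) -> Tuple[Counter, int]:
    values = [ev[field] for ev in events if field in ev]
    return Counter(values), len(values)


def _rows(field: str, ordered, total: int) -> List[Row]:
    return [{field: value, "count": count, "percent": round(100.0 * count / total, 6)}
            for value, count in ordered]


def top(events: List[Event], field: str, limit: int = 10) -> List[Row]:
    """Most common values first; ties broken by value so output is stable."""
    counts, total = _tally(events, field)
    if total == 0:
        return []
    ordered = sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))
    return _rows(field, ordered[:limit] if limit else ordered, total)


def rare(events: List[Event], field: str, limit: int = 10) -> List[Row]:
    """Least common values first: the outliers worth a second look."""
    counts, total = _tally(events, field)
    if total == 0:
        return []
    ordered = sorted(counts.items(), key=lambda kv: (kv[1], kv[0]))
    return _rows(field, ordered[:limit] if limit else ordered, total)


# Constructed sample events (not real data): 5x 200, 3x 404, 2x 503, 1x 500,
# plus one event with no status field at all.
SAMPLE_EVENTS: List[Event] = (
    [{"host": "www1", "status": "200"}] * 5
    + [{"host": "www2", "status": "404"}] * 3
    + [{"host": "www3", "status": "503"}] * 2
    + [{"host": "www3", "status": "500"}]
    + [{"host": "db1"}]
)

if __name__ == "__main__":
    print("| top limit=5 status  ->", top(SAMPLE_EVENTS, "status", limit=5))
    print("| rare status         ->", rare(SAMPLE_EVENTS, "status"))
```

In an investigation rare is often the more useful of the two: the one user agent, process name or source IP that occurs once in a day is what top hides and rare surfaces.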
NEW QUESTION 154
......