Splunk SPLK-1001 Exam Practice Test Instant Access

Question 1

At index time, in which field does Splunk store the timestamp value?

Atime

B_time

CEventTime

Dtimestamp

Answer : B

Question 2

Three basic components of Splunk are (Choose three.):

AForwarders

BDeployment Server

CIndexer

DKnowledge Objects

EIndex

FSearch Head

Answer : A, C, F

Question 3

Put query into separate lines where | (Pipes) are used by selecting following options.

ACTRL + Enter

BShift + Enter

CSpace + Enter

DALT + Enter

Answer : B

Question 4

What is the main requirement for creating visualizations using the Splunk UI?

AYour search must transform event data into Excel file format first.

BYour search must transform event data into XML formatted data first.

CYour search must transform event data into statistical data tables first.

DYour search must transform event data into JSON formatted data first.

Answer : C

Question 5

Which of the following index searches would provide the most efficient search performance?

Aindex=*

Bindex=web OR index=s*

C(index=web OR index=sales)

D*index=sales AND index=web*

Answer : C

Question 6

Splunk extracts fields from event data at index time and at search time.

ATrue

BFalse

Answer : A

Explanation/Reference: Reference: https://docs.splunk.com/Documentation/Splunk/7.2.3/SearchTutorial/Usefieldstosearch

Question 7

When looking at a dashboard panel that is based on a report, which of the following is true?

AYou can modify the search string in the panel, and you can change and configure the visualization.

BYou can modify the search string in the panel, but you cannot change and configure the visualization.

CYou cannot modify the search string in the panel, but you can change and configure the visualization.

DYou cannot modify the search string in the panel, and you cannot change and configure the visualization.

Answer : C

When looking at a dashboard panel that is based on a report, you cannot modify the search string in the panel, but you can change and configure the visualization. This is because the dashboard panel inherits the search string from the report, and any changes to the search string will affect the report as well. However, you can customize the visualization settings for the dashboard panel without affecting the report. Reference:Splunk Core User Certification Exam Study Guide, page 37.

Splunk Core Certified User SPLK-1001 Exam Practice Test