Splunk SPLK-1001 Exam Practice Test Instant Access

Question 1

Which command is used to validate a lookup file?

A| lookup products.csv

Binputlookup products.csv

CI inputlookup products.csv

D| lookup definition products.csv

Answer : C

Question 2

A field exists in search results, but isn't being displayed in the fields sidebar. How can it be added to the fields sidebar?

AClick All Fields and select the field to add it to Selected Fields.

BClick Interesting Fields and select the field to add it to Selected Fields.

CClick Selected Fields and select the field to add it to Interesting Fields.

DThis scenario isn't possible because all fields returned from a search always appear in the fields sidebar.

Answer : A

Question 3

Which of the following searches would return events with failure in index netfw or warn or critical in index netops?

A(index=netfw failure) AND index=netops warn OR critical

B(index=netfw failure) OR (index=netops (warn OR critical))

C(index=netfw failure) AND (index=netops (warn OR critical))

D(index=netfw failure) OR index=netops OR (warn OR critical)

Answer : B

Question 4

What can be included in the All Fields option in the sidebar?

ADashboards

BMetadata only

CNon-interesting fields

DField descriptions

Answer : C

Question 5

Which symbol is used to snap the time?

Answer : A

Question 6

How can search results be kept longer than 7 days?

ABy scheduling a report.

BBy creating a link to the job.

CBy changing the job settings.

DBy changing the time range picker to more than 7 days.

Answer : A

Question 7

You can on-board data to Splunk using following means (Choose four.):

AProps

BCLI

CSplunk Web

Dsavedsearches.conf

ESplunk apps and add-ons

Findexes.conf

Ginputs.conf

Hmetadata.conf

Answer : B, C, E, G

Splunk SPLK-1001 Splunk Core Certified User Exam Practice Test