Splunk SPLK-1001 Exam Questions Instant Access

Question 1

What is the primary use for the rare command?

ATo sort field values in descending order.

BTo return only fields containing five of fewer values.

CTo find the least common values of a field in a dataset.

DTo find the fields with the fewest number of values across a dataset.

Answer : C

Question 2

Portal for Splunk apps can be accessed through www.splunkbase.com

AFalse

BTrue

Answer : B

Question 3

What determines the scope of data that appears in a scheduled report?

AAll data accessible to the User role will appear in the report.

BAll data accessible to the owner of the report will appear in the report.

CAll data accessible to all users will appear in the report until the next time the report is run.

DThe owner of the report can configure permissions so that the report uses either the User role or the owner's profile at run time.

Answer : D

Question 4

Put query into separate lines where | (Pipes) are used by selecting following options.

ACTRL + Enter

BShift + Enter

CSpace + Enter

DALT + Enter

Answer : B

Question 5

Which of the following searches will return results where fail, 400, and error exist in every event?

Aerror AND (fail AND 400)

Berror OR (fail and 400)

Cerror AND (fail OR 400)

Derror OR fail OR 400

Answer : C

Question 6

What does the values function of the stats command do?

ALists all values of a given field.

BLists unique values of a given field.

CReturns a count of unique values for a given field.

DReturns the number of events that match the search.

Answer : B

Question 7

Fields are searchable key value pairs in your event data.

ATrue

BFalse

Answer : A

Splunk Core Certified User SPLK-1001 Exam Questions