Splunk SPLK-1001 Exam Practice Test Instant Access

Question 1

This function of the stats command allows you to return the middle-most value of field X.

AMedian(X)

BEval by X

CFields(X)

DValues(X)

Answer : A

Question 2

Search Assistant is enabled by default in the SPL editor with compact settings.

ANo

BYes

Answer : B

Question 3

Keywords are highlighted when you mouse over search results and you can click this search result to (Choose three.):

AOpen new search.

BExclude the item from search.

CNone of the above.

DAdd the item to search

Answer : A, B, D

Question 4

It is not possible for a single instance of Splunk to manage the input, parsing and indexing of machine.

ATrue

BFalse

Answer : B

Question 5

Which of the statements is correct regarding click and drag option in timeline?

AThe new result after selecting the range by dragging filters the events and displays the most recent first.

BThere is no functionality like click and drag in Splunk's timeline.

CUsing this option executes a new query.

DThis doesn't execute a new query

Answer : A

Question 6

It is no possible for a single instance of Splunk to manage the input, parsing and indexing of machine data.

ATrue

BFalse

Answer : B

Question 7

What is the correct syntax to count the number of events containing a vendor_action field?

Acount stats vendor_action

Bcount stats (vendor_action)

Cstats count (vendor_action)

Dstats vendor_action (count)

Answer : C

Splunk SPLK-1001 Splunk Core Certified User Exam Practice Test