Splunk SPLK-2001 Exam Questions Instant Access

Question 1

How can indexer acknowledgement be enabled for HTTP Event Collector (HEC)? (Select all that apply.)

ANo need to do anything, it is turned on by default.

BWhen a REST request is sent to create a token, the property for indexer acknowledgement must be set to 1.

CWhen a new HEC token is created in Splunk Web, select the checkbox labeled ''Enable indexer acknowledgement''.

DWhen the Global Settings for HEC are updated in Splunk Web, select the checkbox labeled ''Enable indexer acknowledgement''.

Answer : C, D

Question 2

Which of the following are reserved field names in a KV Store? (Select all that apply.)

A_key

B_time

C_user

D_source

Answer : B, C

Question 3

How can hiding or showing a panel by clicking on a chart or a table on the same form be performed?

ABy using vent drilldown.

BBy using workflow action.

CBy using contextual drilldown.

DBy using visualization drilldown.

Answer : D

Question 4

Which of the following are requirements for arguments sent to the data/indexes endpoint? (Select all that apply.)

ABe url-encoded.

BSpecify the datatype.

CInclude the bucket path.

DInclude the name argument.

Answer : B, D

Question 5

Given the following two files defining app navigation, which navigation options will be displayed to the end user? (Select all that apply.)

$SPLUNK_HOME/etc/apps/app_name/default/data/ui/nav/default.xml

$SPLUNK_HOME/etc/apps/app_name/local/data/ui/nav/default/xml

ASearch

BReports

CDatasets

DDashboards

Answer : B, C

Question 6

Which type of command is tstats?

AGenerating

BTransforming

CCentralized streaming

DDistributable streaming

Answer : A

Question 7

What must be done when calling the serviceNS endpoint?

AAuthenticate with an admin user.

BSpecify the user and app context in the URI.

CAuthenticate with the user of the required context.

DPass the user and app context in the request payload.

Answer : B

Splunk Certified Developer SPLK-2001 Exam Questions