Question 1

According to Splunk best practices, which placement of the wildcard results in the most efficient search?

Accepted Answer

A)  f*il 
B)  *fail 
C)  fail* 
D)  *fail* 
A)  f*il 
B)  *fail 
C)  fail* 
D)  *fail* C

Question 2

Forward Option gather and forward data to indexers over a receiving port from remote machines.

Accepted Answer

A) True 
 B)False  True

Question 3

Which component of Splunk let us write SPL query to find the required data?

Accepted Answer

A)  Forwarders 
B)  Indexer 
C)  Heavy Forwarders 
D)  Search head 
A)  Forwarders 
B)  Indexer 
C)  Heavy Forwarders 
D)  Search head D

Question 4

Following are the time selection option while making search: (Choose all that apply.)

Accepted Answer

A)  Date & Time Range 
B)  Advanced 
C)  Date Range 
D)  Presets 
E)  Relative 
A)  Date & Time Range 
B)  Advanced 
C)  Date Range 
D)  Presets 
E)  Relative

Question 5

There are three different search modes in Splunk (Choose three.):

Accepted Answer

A)  Automatic 
B)  Smart 
C)  Fast 
D)  Verbose 
A)  Automatic 
B)  Smart 
C)  Fast 
D)  Verbose

Question 6

Events in Splunk are automatically segregated using data and time.

Accepted Answer

A)  Yes 
B)  No 
A)  Yes 
B)  No

Question 7

What are the two most efficient search filters?

Accepted Answer

A)  _time and host _time and host 
B)  _time and index index 
C)  host and sourcetype and sourcetype 
D)  index and sourcetype 
A)  _time and host _time and host 
B)  _time and index index 
C)  host and sourcetype and sourcetype 
D)  index and sourcetype

Question 8

What must be done before an automatic lookup can be created? (select all that apply)

Accepted Answer

A)  The lookup command must be used. The lookup command must be used. 
B)  The lookup definition must be created. 
C)  The lookup file must be uploaded to Splunk. 
D)  The lookup file must be verified using the inputlookup command. The lookup file must be verified using the inputlookup command. 
A)  The lookup command must be used. The lookup command must be used. 
B)  The lookup definition must be created. 
C)  The lookup file must be uploaded to Splunk. 
D)  The lookup file must be verified using the inputlookup command. The lookup file must be verified using the inputlookup command.

Question 9

In a deployment with multiple indexes, what will happen when a search is run and an index is not specified in the search string?

Accepted Answer

A)  No events will be returned. 
B)  Splunk will prompt you to specify an index. 
C)  All non-indexed events to which the user has access will be returned. 
D)  Events from every index searched by default to which the user has access will be returned. 
A)  No events will be returned. 
B)  Splunk will prompt you to specify an index. 
C)  All non-indexed events to which the user has access will be returned. 
D)  Events from every index searched by default to which the user has access will be returned.

Question 10

All components are installed and administered in Splunk Enterprise on-premise.

Accepted Answer

A) True 
 B)False

Question 11

Which search matches the events containing the terms "error" and "fail"?

Accepted Answer

A)  index=security Error Fail 
B)  index=security error OR fail 
C)  index=security "error failure" 
D)  index=security NOT error NOT fail 
A)  index=security Error Fail 
B)  index=security error OR fail 
C)  index=security "error failure" 
D)  index=security NOT error NOT fail

Question 12

What is the correct way to use a time range specifier in the search bar so that the search looks back 2 hours?

Accepted Answer

A)  latest=-2h 
B)  earliest=-2h 
C)  latest=-2hour@d 
D)  earliest=-2hour@d 
A)  latest=-2h 
B)  earliest=-2h 
C)  latest=-2hour@d 
D)  earliest=-2hour@d

Question 13

When running searches, command modifiers in the search string are displayed in what color?

Accepted Answer

A)  Red 
B)  Blue 
C)  Orange 
D)  Highlighted 
A)  Red 
B)  Blue 
C)  Orange 
D)  Highlighted

Question 14

What will always appear in the Selected Fields list?

Accepted Answer

A)  index 
B)  action 
C)  clientip 
D)  sourcetype 
A)  index 
B)  action 
C)  clientip 
D)  sourcetype

Question 15

Parsing of data can happen both in HF and UF.

Accepted Answer

A)  Yes 
B)  No 
A)  Yes 
B)  No

Question 16

License Meter runs before data compression.

Accepted Answer

A)  No 
B)  Yes 
A)  No 
B)  Yes

Question 17

Which of the following is the most efficient filter for running searches in Splunk?

Accepted Answer

A)  Time 
B)  Fast mode 
C)  Sourcetype 
D)  Selected Fields 
A)  Time 
B)  Fast mode 
C)  Sourcetype 
D)  Selected Fields

Question 18

Put query into separate lines where | (Pipes) are used by selecting following options.

Accepted Answer

A)  CTRL + Enter 
B)  Shift + Enter 
C)  Space + Enter 
D)  ALT + Enter 
A)  CTRL + Enter 
B)  Shift + Enter 
C)  Space + Enter 
D)  ALT + Enter

Question 19

Which search will return only events containing the word "error" and display the results as a table that includes the fields named action , src , and dest ?

Accepted Answer

Question 20

Select the statements that are true for timeline in Splunk (Choose four.):

Accepted Answer

A)  Timeline shows distribution of events specified in the time range in the form of bars. 
B)  Single click to see the result for particular time period. 
C)  You can click and drag across the bar for selecting the range. 
D)  This is default view and you can't make any changes to it. 
E)  You can hover your mouse for details like total events, time and date. 
A)  Timeline shows distribution of events specified in the time range in the form of bars. 
B)  Single click to see the result for particular time period. 
C)  You can click and drag across the bar for selecting the range. 
D)  This is default view and you can't make any changes to it. 
E)  You can hover your mouse for details like total events, time and date.

According to Splunk best practices, which placement of the wildcard results in the most efficient search?

Forward Option gather and forward data to indexers over a receiving port from remote machines.

Which component of Splunk let us write SPL query to find the required data?

Following are the time selection option while making search: (Choose all that apply.)

There are three different search modes in Splunk (Choose three.):

Events in Splunk are automatically segregated using data and time.

What are the two most efficient search filters?

What must be done before an automatic lookup can be created? (select all that apply)

In a deployment with multiple indexes, what will happen when a search is run and an index is not specified in the search string?

All components are installed and administered in Splunk Enterprise on-premise.

Which search matches the events containing the terms "error" and "fail"?

What is the correct way to use a time range specifier in the search bar so that the search looks back 2 hours?

When running searches, command modifiers in the search string are displayed in what color?

What will always appear in the Selected Fields list?

Parsing of data can happen both in HF and UF.

License Meter runs before data compression.

Which of the following is the most efficient filter for running searches in Splunk?

Put query into separate lines where | (Pipes) are used by selecting following options.

Which search will return only events containing the word "error" and display the results as a table that includes the fields named action , src , and dest ?

Select the statements that are true for timeline in Splunk (Choose four.):

Splunk Enterprise Certified Admin

Splunk Certified Developer

Splunk Enterprise Certified Architect

Splunk Enterprise Security Certified Admin

Splunk IT Service Intelligence Certified Admin

Splunk Core Certified Consultant

Filters

Exam 1: Splunk Core Certified User

According to Splunk best practices, which placement of the wildcard results in the most efficient search?

Forward Option gather and forward data to indexers over a receiving port from remote machines.

Which component of Splunk let us write SPL query to find the required data?

Following are the time selection option while making search: (Choose all that apply.)

There are three different search modes in Splunk (Choose three.):

Events in Splunk are automatically segregated using data and time.

What are the two most efficient search filters?

What must be done before an automatic lookup can be created? (select all that apply)

In a deployment with multiple indexes, what will happen when a search is run and an index is not specified in the search string?

All components are installed and administered in Splunk Enterprise on-premise.

Which search matches the events containing the terms "error" and "fail"?

What is the correct way to use a time range specifier in the search bar so that the search looks back 2 hours?

When running searches, command modifiers in the search string are displayed in what color?

What will always appear in the Selected Fields list?

Parsing of data can happen both in HF and UF.

License Meter runs before data compression.

Which of the following is the most efficient filter for running searches in Splunk?

Put query into separate lines where | (Pipes) are used by selecting following options.

Which search will return only events containing the word "error" and display the results as a table that includes the fields named action , src , and dest ?

Select the statements that are true for timeline in Splunk (Choose four.):

Splunk Enterprise Certified Admin

Splunk Certified Developer

Splunk Enterprise Certified Architect

Splunk Enterprise Security Certified Admin

Splunk IT Service Intelligence Certified Admin

Splunk Core Certified Consultant

Filters