Question 1

A collection of items containing things such as data inputs, UI elements, and knowledge objects is known as what?

Accepted Answer

A)  An app 
B)  JSON 
C)  A role 
D)  An enhanced solution 
A)  An app 
B)  JSON 
C)  A role 
D)  An enhanced solution

Question 2

Which Field/Value pair will return only events found in the index named security ?

Accepted Answer

A)  Index=Security 
B)  index=Security 
C)  Index=security 
D)  index!=Security 
A)  Index=Security 
B)  index=Security 
C)  Index=security 
D)  index!=Security

Question 3

In the Splunk interface, the list of alerts can be filtered based on which characteristics?

Accepted Answer

A)  App, Owner, Severity, and Type 
B)  App, Owner, Priority, and Status 
C)  App, Dashboard, Severity, and Type 
D)  App, Time Window, Type, and Severity 
A)  App, Owner, Severity, and Type 
B)  App, Owner, Priority, and Status 
C)  App, Dashboard, Severity, and Type 
D)  App, Time Window, Type, and Severity

Question 4

What can be included in the All Fields option in the sidebar?

Accepted Answer

A)  Dashboards 
B)  Metadata only 
C)  Non-interesting fields 
D)  Field descriptions 
A)  Dashboards 
B)  Metadata only 
C)  Non-interesting fields 
D)  Field descriptions

Question 5

Which symbol is used to snap the time?

Accepted Answer

A)  @ 
B)  & 
C)  * 
D)  # 
A)  @ 
B)  & 
C)  * 
D)  #

Question 6

Will the queries following below get the same result? 1. index=log sourcetype=error_log status !=100 2. index=log sourcetype=error_log NOT status =100

Accepted Answer

A)  Yes 
B)  No 
A)  Yes 
B)  No

Question 7

How to make Interesting field into a selected field?

Accepted Answer

A)  Click field in field sidebar -> click YES on the pop-up dialog on upper right side -> check now field should be visible in the list of selected fields. 
B)  Not possible. 
C)  Only CLI changes will enable it. 
D)  Click Settings -> Find field option -> Drop down select field -> enable selected field -> check now field should be visible in the list of selected fields. 
A)  Click field in field sidebar -> click YES on the pop-up dialog on upper right side -> check now field should be visible in the list of selected fields. 
B)  Not possible. 
C)  Only CLI changes will enable it. 
D)  Click Settings -> Find field option -> Drop down select field -> enable selected field -> check now field should be visible in the list of selected fields.

Question 8

Select the best options for "search best practices" in Splunk: (Choose five.)

Accepted Answer

A)  Select the time range always. 
B)  Try to specify index values. 
C)  Include as many search terms as possible. 
D)  Never select time range. 
E)  Try to use * with every search term.
F) Inclusion is generally better than exclusion.
G) Try to keep specific search terms. 
A)  Select the time range always. 
B)  Try to specify index values. 
C)  Include as many search terms as possible. 
D)  Never select time range. 
E)  Try to use * with every search term.
F) Inclusion is generally better than exclusion.
G) Try to keep specific search terms.

Question 9

When editing a dashboard, which of the following are possible options? (select all that apply)

Accepted Answer

A)  Add an output. 
B)  Export a dashboard panel. 
C)  Modify the chart type displayed in a dashboard panel. 
D)  Drag a dashboard panel to a different location on the dashboard. 
A)  Add an output. 
B)  Export a dashboard panel. 
C)  Modify the chart type displayed in a dashboard panel. 
D)  Drag a dashboard panel to a different location on the dashboard.

Question 10

Splunk apps are used for following (Choose three.):

Accepted Answer

A)  Designed to cater numerous use cases and empower Splunk. 
B)  We can not install Splunk App. 
C)  Allows multiple workspaces for different use cases / user roles. 
D)  It is collection of different Splunk config files like data inputs, UI and Knowledge Object. 
A)  Designed to cater numerous use cases and empower Splunk. 
B)  We can not install Splunk App. 
C)  Allows multiple workspaces for different use cases / user roles. 
D)  It is collection of different Splunk config files like data inputs, UI and Knowledge Object.

Question 11

Assuming a user has the capability to edit reports, which of the following are editable?

Accepted Answer

A)  Acceleration, schedule, permissions 
B)  The report's name, schedule, permissions 
C)  The report's name, acceleration, schedule 
D)  The report's name, acceleration, permissions 
A)  Acceleration, schedule, permissions 
B)  The report's name, schedule, permissions 
C)  The report's name, acceleration, schedule 
D)  The report's name, acceleration, permissions

Question 12

How can results from a specified static lookup file be displayed?

Accepted Answer

A)  lookup command lookup command 
B)  inputlookup command inputlookup 
C)  Settings > Lookups > Input 
D)  Settings > Lookups > Upload 
A)  lookup command lookup command 
B)  inputlookup command inputlookup 
C)  Settings > Lookups > Input 
D)  Settings > Lookups > Upload

Question 13

Which of the following reports is available in the Fields window?

Accepted Answer

A)  Top values by time 
B)  Rare values by time 
C)  Events with top value fields 
D)  Events with rare value fields 
A)  Top values by time 
B)  Rare values by time 
C)  Events with top value fields 
D)  Events with rare value fields

Question 14

Which statement is true about the top command?

Accepted Answer

A)  It returns the top 10 results. 
B)  It displays the output in table format. 
C)  It returns the count and percent columns per row. 
D)  All of the above. 
A)  It returns the top 10 results. 
B)  It displays the output in table format. 
C)  It returns the count and percent columns per row. 
D)  All of the above.

Question 15

Snapping rounds down to the nearest specified unit.

Accepted Answer

A)  Yes 
B)  No 
A)  Yes 
B)  No

Question 16

What does the rare command do?

Accepted Answer

A)  Returns the least common field values of a given field in the results. 
B)  Returns the most common field values of a given field in the results. 
C)  Returns the top 10 field values of a given field in the results. 
D)  Returns the lowest 10 field values of a given field in the results. 
A)  Returns the least common field values of a given field in the results. 
B)  Returns the most common field values of a given field in the results. 
C)  Returns the top 10 field values of a given field in the results. 
D)  Returns the lowest 10 field values of a given field in the results.

Question 17

In the fields sidebar, what indicates that a field is numeric?

Accepted Answer

A)  A number to the right of the field name. 
B)  A # symbol to the left of the field name. 
C)  A lowercase n to the left of the field name. A lowercase n to the left of the field name. 
D)  A lowercase n to the right of the field name. to the right of the field name. 
A)  A number to the right of the field name. 
B)  A # symbol to the left of the field name. 
C)  A lowercase n to the left of the field name. A lowercase n to the left of the field name. 
D)  A lowercase n to the right of the field name. to the right of the field name.

Question 18

Selected fields are a set of configurable fields displayed for each event.

Accepted Answer

A) True 
 B)False

Question 19

How can another user gain access to a saved report?

Accepted Answer

A)  The owner of the report can edit permissions from the Edit dropdown. 
B)  Only users with an Admin or Power User role can access other users' reports. 
C)  Anyone can access any reports marked as public within a shared Splunk deployment. 
D)  The owner of the report must clone the original report and save it to their user account. 
A)  The owner of the report can edit permissions from the Edit dropdown. 
B)  Only users with an Admin or Power User role can access other users' reports. 
C)  Anyone can access any reports marked as public within a shared Splunk deployment. 
D)  The owner of the report must clone the original report and save it to their user account.

Question 20

Which search string only returns events from hostWWW3?

Accepted Answer

A)  host=* 
B)  host=WWW3 
C)  host=WWW* 
D)  Host=WWW3 
A)  host=* 
B)  host=WWW3 
C)  host=WWW* 
D)  Host=WWW3

A collection of items containing things such as data inputs, UI elements, and knowledge objects is known as what?

Which Field/Value pair will return only events found in the index named security ?

In the Splunk interface, the list of alerts can be filtered based on which characteristics?

What can be included in the All Fields option in the sidebar?

Which symbol is used to snap the time?

Will the queries following below get the same result? 1. index=log sourcetype=error_log status !=100 2. index=log sourcetype=error_log NOT status =100

How to make Interesting field into a selected field?

Select the best options for "search best practices" in Splunk: (Choose five.)

When editing a dashboard, which of the following are possible options? (select all that apply)

Splunk apps are used for following (Choose three.):

Assuming a user has the capability to edit reports, which of the following are editable?

How can results from a specified static lookup file be displayed?

Which of the following reports is available in the Fields window?

Which statement is true about the top command?

Snapping rounds down to the nearest specified unit.

What does the rare command do?

In the fields sidebar, what indicates that a field is numeric?

Selected fields are a set of configurable fields displayed for each event.

How can another user gain access to a saved report?

Which search string only returns events from hostWWW3?

Splunk Enterprise Certified Admin

Splunk Certified Developer

Splunk Enterprise Certified Architect

Splunk Enterprise Security Certified Admin

Splunk IT Service Intelligence Certified Admin

Splunk Core Certified Consultant

Filters

Exam 1: Splunk Core Certified User

A collection of items containing things such as data inputs, UI elements, and knowledge objects is known as what?

Which Field/Value pair will return only events found in the index named security ?

In the Splunk interface, the list of alerts can be filtered based on which characteristics?

What can be included in the All Fields option in the sidebar?

Which symbol is used to snap the time?

Will the queries following below get the same result? 1. index=log sourcetype=error_log status !=100 2. index=log sourcetype=error_log NOT status =100

How to make Interesting field into a selected field?

Select the best options for "search best practices" in Splunk: (Choose five.)

When editing a dashboard, which of the following are possible options? (select all that apply)

Splunk apps are used for following (Choose three.):

Assuming a user has the capability to edit reports, which of the following are editable?

How can results from a specified static lookup file be displayed?

Which of the following reports is available in the Fields window?

Which statement is true about the top command?

Snapping rounds down to the nearest specified unit.

What does the rare command do?

In the fields sidebar, what indicates that a field is numeric?

Selected fields are a set of configurable fields displayed for each event.

How can another user gain access to a saved report?

Which search string only returns events from hostWWW3?

Splunk Enterprise Certified Admin

Splunk Certified Developer

Splunk Enterprise Certified Architect

Splunk Enterprise Security Certified Admin

Splunk IT Service Intelligence Certified Admin

Splunk Core Certified Consultant

Filters