Question 1

What result will you get with following search index=test sourcetype="The_Questionnaire_P*" ?

Accepted Answer

A)  the_questionnaire _pedia 
B)  the_questionnaire pedia 
C)  the_questionnaire_pedia 
D)  the_questionnaire Pedia 
A)  the_questionnaire _pedia 
B)  the_questionnaire pedia 
C)  the_questionnaire_pedia 
D)  the_questionnaire Pedia

Question 2

When viewing results of a search job from the Activity menu, which of the following is displayed?

Accepted Answer

A)  New events based on the current time range picker 
B)  The same events based on the current time range picker 
C)  The same events from when the original search was executed 
D)  New events in addition to the same events from the original search 
A)  New events based on the current time range picker 
B)  The same events based on the current time range picker 
C)  The same events from when the original search was executed 
D)  New events in addition to the same events from the original search

Question 3

Field names are case sensitive and field value are not.

Accepted Answer

A) True 
 B)False

Question 4

How are events displayed after a search is executed?

Accepted Answer

A)  In chronological order. 
B)  Randomly by default. 
C)  In reverse chronological order. 
D)  Alphabetically according to field name. 
A)  In chronological order. 
B)  Randomly by default. 
C)  In reverse chronological order. 
D)  Alphabetically according to field name.

Question 5

Which of the following are functions of the stats command?

Accepted Answer

A)  count, sum, add 
B)  count, sum, less 
C)  sum, avg, values 
D)  sum, values, table 
A)  count, sum, add 
B)  count, sum, less 
C)  sum, avg, values 
D)  sum, values, table

Question 6

At the time of searching the start time is 03:35:08. Will it look back to 03:00:00 if we use -30m@h in searching?

Accepted Answer

A)  Yes 
B)  No 
A)  Yes 
B)  No

Question 7

What is the purpose of using a by clause with the stats command?

Accepted Answer

A)  To group the results by one or more fields. 
B)  To compute numerical statistics on each field. 
C)  To specify how the values in a list are delimited. 
D)  To partition the input data based on the split-by fields. 
A)  To group the results by one or more fields. 
B)  To compute numerical statistics on each field. 
C)  To specify how the values in a list are delimited. 
D)  To partition the input data based on the split-by fields.

Question 8

Fields are searchable key value pairs in your event data.

Accepted Answer

A) True 
 B)False

Question 9

Search Language Syntax in Splunk can be broken down into the following components. (Choose all that apply.)

Accepted Answer

A)  Search term 
B)  Command 
C)  Pipe 
D)  Functions 
E)  Arguments
F) Clause 
A)  Search term 
B)  Command 
C)  Pipe 
D)  Functions 
E)  Arguments
F) Clause

Question 10

Every Search in Splunk is also called _____________.

Accepted Answer

A)  None of the above 
B)  Job 
C)  Search Only 
A)  None of the above 
B)  Job 
C)  Search Only

Question 11

Fields are searchable name and value pairings that differentiates one event from another.

Accepted Answer

A) True 
 B)False

Question 12

You can change the App context in Input setting.

Accepted Answer

A)  No 
B)  Yes 
A)  No 
B)  Yes

Question 13

Interesting fields are the fields that have at least 20% of resulting fields.

Accepted Answer

A) True 
 B)False

Question 14

!= and NOT are same arguments.

Accepted Answer

A) True 
 B)False

Question 15

Which of the following is the recommended way to create multiple dashboards displaying data from the same search?

Accepted Answer

A)  Save the search as a report and use it in multiple dashboards as needed. 
B)  Save the search as a dashboard panel for each dashboard that needs the data. 
C)  Save the search as a scheduled alert and use it in multiple dashboards as needed. 
D)  Export the results of the search to an XML file and use the file as the basis of the dashboards. 
A)  Save the search as a report and use it in multiple dashboards as needed. 
B)  Save the search as a dashboard panel for each dashboard that needs the data. 
C)  Save the search as a scheduled alert and use it in multiple dashboards as needed. 
D)  Export the results of the search to an XML file and use the file as the basis of the dashboards.

Question 16

Which of the following are common constraints of the top command?

Accepted Answer

A)  limit, count 
B)  limit, showpercent 
C)  limits, countfield 
D)  showperc, countfield 
A)  limit, count 
B)  limit, showpercent 
C)  limits, countfield 
D)  showperc, countfield

Question 17

Which statement describes field discovery at search time?

Accepted Answer

A)  Splunk automatically discovers only numeric fields 
B)  Splunk automatically discovers only alphanumeric fields 
C)  Splunk automatically discovers only manually configured fields 
D)  Splunk automatically discovers only fields directly related to the search results 
A)  Splunk automatically discovers only numeric fields 
B)  Splunk automatically discovers only alphanumeric fields 
C)  Splunk automatically discovers only manually configured fields 
D)  Splunk automatically discovers only fields directly related to the search results

Question 18

Which of the following is the most efficient search?

Accepted Answer

A)  index=* "failed password" 
B)  "failed password" index=* 
C)  (index=* OR index=security) "failed password" 
D)  index=security "failed password" 
A)  index=* "failed password" 
B)  "failed password" index=* 
C)  (index=* OR index=security) "failed password" 
D)  index=security "failed password"

Question 19

When placed early in a search, which command is most effective at reducing search execution time?

Accepted Answer

A)  dedup 
B)  rename 
C)  sort - 
D)  fields + 
A)  dedup 
B)  rename 
C)  sort - 
D)  fields +

Question 20

What is a primary function of a scheduled report?

Accepted Answer

A)  Auto-detect changes in performance. 
B)  Auto-generated PDF reports of overall data trends. 
C)  Regularly scheduled archiving to keep disk space use low. 
D)  Triggering an alert in your Splunk instance when certain conditions are met. 
A)  Auto-detect changes in performance. 
B)  Auto-generated PDF reports of overall data trends. 
C)  Regularly scheduled archiving to keep disk space use low. 
D)  Triggering an alert in your Splunk instance when certain conditions are met.

What result will you get with following search index=test sourcetype="The_Questionnaire_P*" ?

When viewing results of a search job from the Activity menu, which of the following is displayed?

Field names are case sensitive and field value are not.

How are events displayed after a search is executed?

Which of the following are functions of the stats command?

At the time of searching the start time is 03:35:08. Will it look back to 03:00:00 if we use -30m@h in searching?

What is the purpose of using a by clause with the stats command?

Fields are searchable key value pairs in your event data.

Search Language Syntax in Splunk can be broken down into the following components. (Choose all that apply.)

Every Search in Splunk is also called _____________.

Fields are searchable name and value pairings that differentiates one event from another.

You can change the App context in Input setting.

Interesting fields are the fields that have at least 20% of resulting fields.

!= and NOT are same arguments.

Which of the following is the recommended way to create multiple dashboards displaying data from the same search?

Which of the following are common constraints of the top command?

Which statement describes field discovery at search time?

Which of the following is the most efficient search?

When placed early in a search, which command is most effective at reducing search execution time?

What is a primary function of a scheduled report?

Splunk Enterprise Certified Admin

Splunk Certified Developer

Splunk Enterprise Certified Architect

Splunk Enterprise Security Certified Admin

Splunk IT Service Intelligence Certified Admin

Splunk Core Certified Consultant

Filters

Exam 1: Splunk Core Certified User

What result will you get with following search index=test sourcetype="The_Questionnaire_P*" ?

When viewing results of a search job from the Activity menu, which of the following is displayed?

Field names are case sensitive and field value are not.

How are events displayed after a search is executed?

Which of the following are functions of the stats command?

At the time of searching the start time is 03:35:08. Will it look back to 03:00:00 if we use -30m@h in searching?

What is the purpose of using a by clause with the stats command?

Fields are searchable key value pairs in your event data.

Search Language Syntax in Splunk can be broken down into the following components. (Choose all that apply.)

Every Search in Splunk is also called _____________.

Fields are searchable name and value pairings that differentiates one event from another.

You can change the App context in Input setting.

Interesting fields are the fields that have at least 20% of resulting fields.

!= and NOT are same arguments.

Which of the following is the recommended way to create multiple dashboards displaying data from the same search?

Which of the following are common constraints of the top command?

Which statement describes field discovery at search time?

Which of the following is the most efficient search?

When placed early in a search, which command is most effective at reducing search execution time?

What is a primary function of a scheduled report?

Splunk Enterprise Certified Admin

Splunk Certified Developer

Splunk Enterprise Certified Architect

Splunk Enterprise Security Certified Admin

Splunk IT Service Intelligence Certified Admin

Splunk Core Certified Consultant

Filters