Question 1

What syntax is used to link key/value pairs in search strings?

Accepted Answer

A)  Parentheses 
B)  @ or # symbols 
C)  Quotation marks 
D)  Relational operators such as =,  
A)  Parentheses 
B)  @ or # symbols 
C)  Quotation marks 
D)  Relational operators such as =,

Question 2

_______________ transforms raw data into events and distributes the results into an index.

Accepted Answer

A)  Index 
B)  Search Head 
C)  Indexer 
D)  Forwarder 
A)  Index 
B)  Search Head 
C)  Indexer 
D)  Forwarder

Question 3

Which events will be returned by the following search string? host=www3 status=503

Accepted Answer

A)  All events that either have a host of www3 or a status of 503 . All events that either have a host of www3 or a status 503 . 
B)  All events with a host of www3 that also have a status of 503 . All events with a that also have a 
C)  We need more information; we cannot tell without knowing the time range. 
D)  We need more information; a search cannot be run without specifying an index. 
A)  All events that either have a host of www3 or a status of 503 . All events that either have a host of www3 or a status 503 . 
B)  All events with a host of www3 that also have a status of 503 . All events with a that also have a 
C)  We need more information; we cannot tell without knowing the time range. 
D)  We need more information; a search cannot be run without specifying an index.

Question 4

Which search string matches only events with the status_code of 404 ?

Accepted Answer

A) status_code!=404 B) status_code>=400 C) status_code403 status_code<405 A) status_code!=404 B) status_code>=400 C) status_code403 status_code<405

Question 5

Which command is used to review the contents of a specified static lookup file?

Accepted Answer

A)  lookup 
B)  csvlookup 
C)  inputlookup 
D)  outputlookup 
A)  lookup 
B)  csvlookup 
C)  inputlookup 
D)  outputlookup

Question 6

What are the three main Splunk components?

Accepted Answer

A)  Search head, GPU, streamer 
B)  Search head, indexer, forwarder 
C)  Search head, SQL database, forwarder 
D)  Search head, SSD, heavy weight agent 
A)  Search head, GPU, streamer 
B)  Search head, indexer, forwarder 
C)  Search head, SQL database, forwarder 
D)  Search head, SSD, heavy weight agent

Question 7

You can on-board data to Splunk using following means (Choose four.):

Accepted Answer

A)  Props 
B)  CLI 
C)  Splunk Web 
D)  savedsearches.conf 
E)  Splunk apps and add-ons
F) indexes.conf
G) inputs.conf
H) metadata.conf 
A)  Props 
B)  CLI 
C)  Splunk Web 
D)  savedsearches.conf 
E)  Splunk apps and add-ons
F) indexes.conf
G) inputs.conf
H) metadata.conf

Question 8

How do you add or remove fields from search results?

Accepted Answer

A)  Use field + to add and field - to remove. Use field + to add and field - to remove. 
B)  Use table + to add and table - to remove. table + table - 
C)  Use fields + to add and fields - to remove. fields + fields - 
D)  Use fields Plus to add and fields Minus to remove. fields Plus to add and fields Minus to remove. 
A)  Use field + to add and field - to remove. Use field + to add and field - to remove. 
B)  Use table + to add and table - to remove. table + table - 
C)  Use fields + to add and fields - to remove. fields + fields - 
D)  Use fields Plus to add and fields Minus to remove. fields Plus to add and fields Minus to remove.

Question 9

Which of the following represents the Splunk recommended naming convention for dashboards?

Accepted Answer

A)  Description_Group_Object 
B)  Group_Description_Object 
C)  Group_Object_Description 
D)  Object_Group_Description 
A)  Description_Group_Object 
B)  Group_Description_Object 
C)  Group_Object_Description 
D)  Object_Group_Description

Question 10

Three basic components of Splunk are (Choose three.):

Accepted Answer

A)  Forwarders 
B)  Deployment Server 
C)  Indexer 
D)  Knowledge Objects 
E)  Index
F) Search Head 
A)  Forwarders 
B)  Deployment Server 
C)  Indexer 
D)  Knowledge Objects 
E)  Index
F) Search Head

Question 11

What does the following specified time range do? earliest=-72h@h latest=@d

Accepted Answer

A)  Look back 3 days ago and prior. 
B)  Look back 72 hours, up to one day ago. 
C)  Look back 72 hours, up to the end of today. 
D)  Look back from 3 days ago, up to the beginning of today. 
A)  Look back 3 days ago and prior. 
B)  Look back 72 hours, up to one day ago. 
C)  Look back 72 hours, up to the end of today. 
D)  Look back from 3 days ago, up to the beginning of today.

Question 12

Which of the following is a Splunk internal field?

Accepted Answer

A)  _raw 
B)  host 
C)  _host 
D)  index 
A)  _raw 
B)  host 
C)  _host 
D)  index

Question 13

Which of the following is a metadata field assigned to every event in Splunk?

Accepted Answer

A)  host 
B)  owner 
C)  bytes 
D)  action 
A)  host 
B)  owner 
C)  bytes 
D)  action

Question 14

Which statement is true about Splunk alerts?

Accepted Answer

A)  Alerts are based on searches that are either run on a scheduled interval or in real-time. 
B)  Alerts are based on searches and when triggered will only send an email notification. 
C)  Alerts are based on searches and require cron to run on scheduled interval. 
D)  Alerts are based on searches that are run exclusively as real-time. 
A)  Alerts are based on searches that are either run on a scheduled interval or in real-time. 
B)  Alerts are based on searches and when triggered will only send an email notification. 
C)  Alerts are based on searches and require cron to run on scheduled interval. 
D)  Alerts are based on searches that are run exclusively as real-time.

Question 15

Splunk Enterprise is used as a Scalable service in Splunk Cloud.

Accepted Answer

A) True 
 B)False

Question 16

Query - status != 100:

Accepted Answer

A)  Will return event where status field exist but value of that field is not 100. 
B)  Will return event where status field exist but value of that field is not 100 and all events where status field doesn't exist. 
C)  Will get different results depending on data. 
A)  Will return event where status field exist but value of that field is not 100. 
B)  Will return event where status field exist but value of that field is not 100 and all events where status field doesn't exist. 
C)  Will get different results depending on data.

Question 17

How does Splunk determine which fields to extract from data?

Accepted Answer

A)  Splunk only extracts the most interesting data from the last 24 hours. 
B)  Splunk only extracts fields users have manually specified in their data. 
C)  Splunk automatically extracts any fields that generate interesting visualizations. 
D)  Splunk automatically discovers many fields based on sourcetype and key/value pairs found in the data. 
A)  Splunk only extracts the most interesting data from the last 24 hours. 
B)  Splunk only extracts fields users have manually specified in their data. 
C)  Splunk automatically extracts any fields that generate interesting visualizations. 
D)  Splunk automatically discovers many fields based on sourcetype and key/value pairs found in the data.

Question 18

When writing searches in Splunk, which of the following is true about Booleans?

Accepted Answer

A)  They must be lowercase. 
B)  They must be uppercase. 
C)  They must be in quotations. 
D)  They must be in parentheses. 
A)  They must be lowercase. 
B)  They must be uppercase. 
C)  They must be in quotations. 
D)  They must be in parentheses.

Question 19

Which time range picker configuration would return real-time events for the past 30 seconds?

Accepted Answer

A)  Preset - Relative: 30-seconds ago 
B)  Relative - Earliest: 30-seconds ago, Latest: Now 
C)  Real-time - Earliest: 30-seconds ago, Latest: Now 
D)  Advanced - Earliest: 30-seconds ago, Latest: Now 
A)  Preset - Relative: 30-seconds ago 
B)  Relative - Earliest: 30-seconds ago, Latest: Now 
C)  Real-time - Earliest: 30-seconds ago, Latest: Now 
D)  Advanced - Earliest: 30-seconds ago, Latest: Now

Question 20

Splunk shows data in __________________.

Accepted Answer

A)  ASCII Character order. 
B)  Reverse chronological order. 
C)  Alphanumeric order. 
D)  Chronological order. 
A)  ASCII Character order. 
B)  Reverse chronological order. 
C)  Alphanumeric order. 
D)  Chronological order.

What syntax is used to link key/value pairs in search strings?

_______________ transforms raw data into events and distributes the results into an index.

Which events will be returned by the following search string? host=www3 status=503

Which search string matches only events with the status_code of 404 ?

Which command is used to review the contents of a specified static lookup file?

What are the three main Splunk components?

You can on-board data to Splunk using following means (Choose four.):

How do you add or remove fields from search results?

Which of the following represents the Splunk recommended naming convention for dashboards?

Three basic components of Splunk are (Choose three.):

What does the following specified time range do? earliest=-72h@h latest=@d

Which of the following is a Splunk internal field?

Which of the following is a metadata field assigned to every event in Splunk?

Which statement is true about Splunk alerts?

Splunk Enterprise is used as a Scalable service in Splunk Cloud.

Query - status != 100:

How does Splunk determine which fields to extract from data?

When writing searches in Splunk, which of the following is true about Booleans?

Which time range picker configuration would return real-time events for the past 30 seconds?

Splunk shows data in __________________.

Splunk Enterprise Certified Admin

Splunk Certified Developer

Splunk Enterprise Certified Architect

Splunk Enterprise Security Certified Admin

Splunk IT Service Intelligence Certified Admin

Splunk Core Certified Consultant

Filters

Exam 1: Splunk Core Certified User

What syntax is used to link key/value pairs in search strings?

_______________ transforms raw data into events and distributes the results into an index.

Which events will be returned by the following search string? host=www3 status=503

Which search string matches only events with the status_code of 404 ?

Which command is used to review the contents of a specified static lookup file?

What are the three main Splunk components?

You can on-board data to Splunk using following means (Choose four.):

How do you add or remove fields from search results?

Which of the following represents the Splunk recommended naming convention for dashboards?

Three basic components of Splunk are (Choose three.):

What does the following specified time range do? earliest=-72h@h latest=@d

Which of the following is a Splunk internal field?

Which of the following is a metadata field assigned to every event in Splunk?

Which statement is true about Splunk alerts?

Splunk Enterprise is used as a Scalable service in Splunk Cloud.

Query - status != 100:

How does Splunk determine which fields to extract from data?

When writing searches in Splunk, which of the following is true about Booleans?

Which time range picker configuration would return real-time events for the past 30 seconds?

Splunk shows data in __________________.

Splunk Enterprise Certified Admin

Splunk Certified Developer

Splunk Enterprise Certified Architect

Splunk Enterprise Security Certified Admin

Splunk IT Service Intelligence Certified Admin

Splunk Core Certified Consultant

Filters