Question 1

Which command automatically returns percent and count columns when executing searches?

Accepted Answer

A)  top 
B)  stats 
C)  table 
D)  percent 
A)  top 
B)  stats 
C)  table 
D)  percent

Question 2

By default, how long does Splunk retain a search job?

Accepted Answer

A)  10 Minutes 
B)  15 Minutes 
C)  1 Day 
D)  7 Days 
A)  10 Minutes 
B)  15 Minutes 
C)  1 Day 
D)  7 Days

Question 3

Which of the following is true about user account settings and preferences?

Accepted Answer

A)  Search & Reporting is the only app that can be set as the default application. 
B)  Full names can only be changed by accounts with a Power User or Admin role. 
C)  Time zones are automatically updated based on the setting of the computer accessing Splunk. 
D)  Full name, time zone, and default app can be defined by clicking the login name in the Splunk bar. 
A)  Search & Reporting is the only app that can be set as the default application. 
B)  Full names can only be changed by accounts with a Power User or Admin role. 
C)  Time zones are automatically updated based on the setting of the computer accessing Splunk. 
D)  Full name, time zone, and default app can be defined by clicking the login name in the Splunk bar.

Question 4

The better way of writing search query for index is:

Accepted Answer

A)  index=a index=b 
B)  (index=a OR index=b) 
C)  index=(a & b) 
D)  index = a, b 
A)  index=a index=b 
B)  (index=a OR index=b) 
C)  index=(a & b) 
D)  index = a, b

Question 5

Which of the following constraints can be used with the top command?

Accepted Answer

A)  limit 
B)  useperc 
C)  addtotals 
D)  fieldcount 
A)  limit 
B)  useperc 
C)  addtotals 
D)  fieldcount

Question 6

When is the pipe character, I, used in search strings?

Accepted Answer

A)  Before clauses. For example: stats sum(bytes) | by host Before clauses. For example: stats sum(bytes) | by host 
B)  Before commands. For example: | stats sum(bytes) by host Before commands. For example: | stats sum(bytes) by host 
C)  Before arguments. For example: stats sum| (bytes) by host Before arguments. For example: stats sum| (bytes) by host 
D)  Before functions. For example: stats |sum(bytes) by host Before functions. For example: stats |sum(bytes) by host 
A)  Before clauses. For example: stats sum(bytes) | by host Before clauses. For example: stats sum(bytes) | by host 
B)  Before commands. For example: | stats sum(bytes) by host Before commands. For example: | stats sum(bytes) by host 
C)  Before arguments. For example: stats sum| (bytes) by host Before arguments. For example: stats sum| (bytes) by host 
D)  Before functions. For example: stats |sum(bytes) by host Before functions. For example: stats |sum(bytes) by host

Question 7

Which of the following is a Splunk search best practice?

Accepted Answer

A)  Filter as early as possible. 
B)  Never specify more than one index. 
C)  Include as few search terms as possible. 
D)  Use wildcards to return more search results. 
A)  Filter as early as possible. 
B)  Never specify more than one index. 
C)  Include as few search terms as possible. 
D)  Use wildcards to return more search results.

Question 8

Which of the statements are correct about HF? (Choose three.)

Accepted Answer

A)  Parsing 
B)  Masking 
C)  Searching 
D)  Forwarding 
A)  Parsing 
B)  Masking 
C)  Searching 
D)  Forwarding

Question 9

Which component of Splunk is primarily responsible for saving data?

Accepted Answer

A)  Search Head 
B)  Heavy Forwarder 
C)  Indexer 
D)  Universal Forwarder 
A)  Search Head 
B)  Heavy Forwarder 
C)  Indexer 
D)  Universal Forwarder

Question 10

Which search string returns a filed containing the number of matching events and names that field Event Count ?

Accepted Answer

A)  index=security failure | stats sum as "Event Count" 
B)  index=security failure | stats count as "Event Count" 
C)  index=security failure | stats count by "Event Count" 
D)  index=security failure | stats dc(count) as "Event Count" 
A)  index=security failure | stats sum as "Event Count" 
B)  index=security failure | stats count as "Event Count" 
C)  index=security failure | stats count by "Event Count" 
D)  index=security failure | stats dc(count) as "Event Count"

Question 11

Which of the following is the best way to create a report that shows the last 24 hours of events?

Accepted Answer

A)  Use earliest=-1d@d latest=@d Use earliest=-1d@d latest=@d 
B)  Set a real-time search over a 24-hour window 
C)  Use the time range picket to select "Yesterday" 
D)  Use the time range picker to select "Last 24 hours" 
A)  Use earliest=-1d@d latest=@d Use earliest=-1d@d latest=@d 
B)  Set a real-time search over a 24-hour window 
C)  Use the time range picket to select "Yesterday" 
D)  Use the time range picker to select "Last 24 hours"

Question 12

What is the primary use for the rare command?

Accepted Answer

A)  To sort field values in descending order. 
B)  To return only fields containing five of fewer values. 
C)  To find the least common values of a field in a dataset. 
D)  To find the fields with the fewest number of values across a dataset. 
A)  To sort field values in descending order. 
B)  To return only fields containing five of fewer values. 
C)  To find the least common values of a field in a dataset. 
D)  To find the fields with the fewest number of values across a dataset.

Question 13

What is Splunk?

Accepted Answer

A)  Splunk is a software platform to search, analyze and visualize the machine-generated data. 
B)  Database management tool. 
C)  Security Information and Event Management (SIEM). 
D)  Cloud based application that help in analyzing logs. 
A)  Splunk is a software platform to search, analyze and visualize the machine-generated data. 
B)  Database management tool. 
C)  Security Information and Event Management (SIEM). 
D)  Cloud based application that help in analyzing logs.

Question 14

You can view the search result in following format (Choose three.):

Accepted Answer

A)  Table 
B)  Raw 
C)  Pie Chart 
D)  List 
A)  Table 
B)  Raw 
C)  Pie Chart 
D)  List

Question 15

What does the values function of the stats command do?

Accepted Answer

A)  Lists all values of a given field. 
B)  Lists unique values of a given field. 
C)  Returns a count of unique values for a given field. 
D)  Returns the number of events that match the search. 
A)  Lists all values of a given field. 
B)  Lists unique values of a given field. 
C)  Returns a count of unique values for a given field. 
D)  Returns the number of events that match the search.

Question 16

Which command is used to validate a lookup file?

Accepted Answer

Question 17

Which command will rename action to Customer Action?

Accepted Answer

Question 18

Splunk indexes the data on the basis of timestamps.

Accepted Answer

A) True 
 B)False

Question 19

What is a suggested Splunk best practice for naming reports?

Accepted Answer

A)  Reports are best named using many numbers so they can be more easily sorted. 
B)  Use a consistent naming convention so they are easily separated by characteristics such as group and object. 
C)  Name reports as uniquely as possible with no overlap to differentiate them from one another. 
D)  Any naming convention is fine as long as you keep an external spreadsheet to keep track. 
A)  Reports are best named using many numbers so they can be more easily sorted. 
B)  Use a consistent naming convention so they are easily separated by characteristics such as group and object. 
C)  Name reports as uniquely as possible with no overlap to differentiate them from one another. 
D)  Any naming convention is fine as long as you keep an external spreadsheet to keep track.

Question 20

Which all time unit abbreviations can you include in Advanced time range picker? (Choose seven.)

Accepted Answer

A)  h 
B)  day 
C)  mon 
D)  yr 
E)  y
F) w
G) week
H) d
I) s
J) m 
A)  h 
B)  day 
C)  mon 
D)  yr 
E)  y
F) w
G) week
H) d
I) s
J) m

Which command automatically returns percent and count columns when executing searches?

By default, how long does Splunk retain a search job?

Which of the following is true about user account settings and preferences?

The better way of writing search query for index is:

Which of the following constraints can be used with the top command?

When is the pipe character, I, used in search strings?

Which of the following is a Splunk search best practice?

Which of the statements are correct about HF? (Choose three.)

Which component of Splunk is primarily responsible for saving data?

Which search string returns a filed containing the number of matching events and names that field Event Count ?

Which of the following is the best way to create a report that shows the last 24 hours of events?

What is the primary use for the rare command?

What is Splunk?

You can view the search result in following format (Choose three.):

What does the values function of the stats command do?

Which command is used to validate a lookup file?

Which command will rename action to Customer Action?

Splunk indexes the data on the basis of timestamps.

What is a suggested Splunk best practice for naming reports?

Which all time unit abbreviations can you include in Advanced time range picker? (Choose seven.)

Splunk Enterprise Certified Admin

Splunk Certified Developer

Splunk Enterprise Certified Architect

Splunk Enterprise Security Certified Admin

Splunk IT Service Intelligence Certified Admin

Splunk Core Certified Consultant

Filters

Exam 1: Splunk Core Certified User

Which command automatically returns percent and count columns when executing searches?

By default, how long does Splunk retain a search job?

Which of the following is true about user account settings and preferences?

The better way of writing search query for index is:

Which of the following constraints can be used with the top command?

When is the pipe character, I, used in search strings?

Which of the following is a Splunk search best practice?

Which of the statements are correct about HF? (Choose three.)

Which component of Splunk is primarily responsible for saving data?

Which search string returns a filed containing the number of matching events and names that field Event Count ?

Which of the following is the best way to create a report that shows the last 24 hours of events?

What is the primary use for the rare command?

What is Splunk?

You can view the search result in following format (Choose three.):

What does the values function of the stats command do?

Which command is used to validate a lookup file?

Which command will rename action to Customer Action?

Splunk indexes the data on the basis of timestamps.

What is a suggested Splunk best practice for naming reports?

Which all time unit abbreviations can you include in Advanced time range picker? (Choose seven.)

Splunk Enterprise Certified Admin

Splunk Certified Developer

Splunk Enterprise Certified Architect

Splunk Enterprise Security Certified Admin

Splunk IT Service Intelligence Certified Admin

Splunk Core Certified Consultant

Filters