Question 1

We should use heavy forwarder for sending event-based data to Indexers.

Accepted Answer

A) True 
 B)False

Question 2

Data summary button just below the search bar gives you the following (Choose three.):

Accepted Answer

A)  Hosts 
B)  Sourcetypes 
C)  Sources 
D)  Indexes 
A)  Hosts 
B)  Sourcetypes 
C)  Sources 
D)  Indexes

Question 3

Prefix wildcards might cause performance issues.

Accepted Answer

A) True 
 B)False

Question 4

You can use the following options to specify start and end time for the query range:

Accepted Answer

A)  earliest= 
B)  latest= 
C)  beginning= 
D)  ending= 
E)  All the above
F) Only 3rd and 4th 
A)  earliest= 
B)  latest= 
C)  beginning= 
D)  ending= 
E)  All the above
F) Only 3rd and 4th

Question 5

Log filtering/parsing can be done from _____________.

Accepted Answer

A)  Index Forwarders (IF) 
B)  Universal Forwarders (UF) 
C)  Super Forwarder (SF) 
D)  Heavy Forwarders (HF) 
A)  Index Forwarders (IF) 
B)  Universal Forwarders (UF) 
C)  Super Forwarder (SF) 
D)  Heavy Forwarders (HF)

Question 6

What is the correct syntax to count the number of events containing a vendor_action field?

Accepted Answer

A)  count stats vendor_action 
B)  count stats (vendor_action) 
C)  stats count (vendor_action) 
D)  stats vendor_action (count) 
A)  count stats vendor_action 
B)  count stats (vendor_action) 
C)  stats count (vendor_action) 
D)  stats vendor_action (count)

Question 7

What type of search can be saved as a report?

Accepted Answer

A)  Any search can be saved as a report. 
B)  Only searches that generate visualizations. 
C)  Only searches containing a transforming command. 
D)  Only searches that generate statistics or visualizations. 
A)  Any search can be saved as a report. 
B)  Only searches that generate visualizations. 
C)  Only searches containing a transforming command. 
D)  Only searches that generate statistics or visualizations.

Question 8

What user interface component allows for time selection?

Accepted Answer

A)  Time summary 
B)  Time range picker 
C)  Search time picker 
D)  Data source time statistics 
A)  Time summary 
B)  Time range picker 
C)  Search time picker 
D)  Data source time statistics

Question 9

Which search string is the most efficient?

Accepted Answer

A)  "failed password" 
B)  "failed password"* 
C)  index=* "failed password" 
D)  index=security "failed password" 
A)  "failed password" 
B)  "failed password"* 
C)  index=* "failed password" 
D)  index=security "failed password"

Question 10

A field exists in search results, but isn't being displayed in the fields sidebar. How can it be added to the fields sidebar?

Accepted Answer

A)  Click All Fields and select the field to add it to Selected Fields. 
B)  Click Interesting Fields and select the field to add it to Selected Fields. 
C)  Click Selected Fields and select the field to add it to Interesting Fields. 
D)  This scenario isn't possible because all fields returned from a search always appear in the fields sidebar. 
A)  Click All Fields and select the field to add it to Selected Fields. 
B)  Click Interesting Fields and select the field to add it to Selected Fields. 
C)  Click Selected Fields and select the field to add it to Interesting Fields. 
D)  This scenario isn't possible because all fields returned from a search always appear in the fields sidebar.

Question 11

What must be done in order to use a lookup table in Splunk?

Accepted Answer

A)  The lookup must be configured to run automatically. 
B)  The contents of the lookup file must be copied and pasted into the search bar. 
C)  The lookup file must be uploaded to Splunk and a lookup definition must be created. 
D)  The lookup file must be uploaded to the etc/apps/lookups folder for automatic ingestion. 
A)  The lookup must be configured to run automatically. 
B)  The contents of the lookup file must be copied and pasted into the search bar. 
C)  The lookup file must be uploaded to Splunk and a lookup definition must be created. 
D)  The lookup file must be uploaded to the etc/apps/lookups folder for automatic ingestion.

Question 12

What can be configured using the Edit Job Settings menu?

Accepted Answer

A)  Export the result to CSV format. 
B)  Add the Job results to a dashboard. 
C)  Schedule the Job to re-run in 10 minutes. 
D)  Change Job Lifetime from 10 minutes to 7 days. 
A)  Export the result to CSV format. 
B)  Add the Job results to a dashboard. 
C)  Schedule the Job to re-run in 10 minutes. 
D)  Change Job Lifetime from 10 minutes to 7 days.

Question 13

Uploading local files though Upload options index the file only once.

Accepted Answer

A)  No 
B)  Yes 
A)  No 
B)  Yes

Question 14

Which Boolean operator is always implied between two search terms, unless otherwise specified?

Accepted Answer

A)  OR 
B)  NOT 
C)  AND 
D)  XOR 
A)  OR 
B)  NOT 
C)  AND 
D)  XOR

Question 15

By default, which of the following fields would be listed in the fields sidebar under interesting Fields?

Accepted Answer

A)  host 
B)  index 
C)  source 
D)  sourcetype 
A)  host 
B)  index 
C)  source 
D)  sourcetype

Question 16

Select the correct option that applies to Index time processing (Choose three.).

Accepted Answer

A)  Indexing 
B)  Searching 
C)  Parsing 
D)  Settings 
E)  Input 
A)  Indexing 
B)  Searching 
C)  Parsing 
D)  Settings 
E)  Input

Question 17

What does the stats command do?

Accepted Answer

A)  Automatically correlates related fields. 
B)  Converts field values into numerical values. 
C)  Calculates statistics on data that matches the search criteria. 
D)  Analyzes numerical fields for their ability to predict another discrete field. 
A)  Automatically correlates related fields. 
B)  Converts field values into numerical values. 
C)  Calculates statistics on data that matches the search criteria. 
D)  Analyzes numerical fields for their ability to predict another discrete field.

Question 18

Which of the following index searches would provide the most efficient search performance?

Accepted Answer

A)  index=* 
B)  index=web OR index=s* 
C)  (index=web OR index=sales) 
D)  *index=sales AND index=web* 
A)  index=* 
B)  index=web OR index=s* 
C)  (index=web OR index=sales) 
D)  *index=sales AND index=web*

Question 19

What are the steps to schedule a report?

Accepted Answer

A)  After saving the report, click Schedule. 
B)  After saving the report, click Event Type. 
C)  After saving the report, click Scheduling. 
D)  After saving the report, click Dashboard Panel. 
A)  After saving the report, click Schedule. 
B)  After saving the report, click Event Type. 
C)  After saving the report, click Scheduling. 
D)  After saving the report, click Dashboard Panel.

Question 20

In the fields sidebar, which character denotes alphanumeric field values?

Accepted Answer

A)  # 
B)  % 
C)  a 
D)  a# 
A)  # 
B)  % 
C)  a 
D)  a#

We should use heavy forwarder for sending event-based data to Indexers.

Data summary button just below the search bar gives you the following (Choose three.):

Prefix wildcards might cause performance issues.

You can use the following options to specify start and end time for the query range:

Log filtering/parsing can be done from _____________.

What is the correct syntax to count the number of events containing a vendor_action field?

What type of search can be saved as a report?

What user interface component allows for time selection?

Which search string is the most efficient?

A field exists in search results, but isn't being displayed in the fields sidebar. How can it be added to the fields sidebar?

What must be done in order to use a lookup table in Splunk?

What can be configured using the Edit Job Settings menu?

Uploading local files though Upload options index the file only once.

Which Boolean operator is always implied between two search terms, unless otherwise specified?

By default, which of the following fields would be listed in the fields sidebar under interesting Fields?

Select the correct option that applies to Index time processing (Choose three.).

What does the stats command do?

Which of the following index searches would provide the most efficient search performance?

What are the steps to schedule a report?

In the fields sidebar, which character denotes alphanumeric field values?

Splunk Enterprise Certified Admin

Splunk Certified Developer

Splunk Enterprise Certified Architect

Splunk Enterprise Security Certified Admin

Splunk IT Service Intelligence Certified Admin

Splunk Core Certified Consultant

Filters

Exam 1: Splunk Core Certified User

We should use heavy forwarder for sending event-based data to Indexers.

Data summary button just below the search bar gives you the following (Choose three.):

Prefix wildcards might cause performance issues.

You can use the following options to specify start and end time for the query range:

Log filtering/parsing can be done from _____________.

What is the correct syntax to count the number of events containing a vendor_action field?

What type of search can be saved as a report?

What user interface component allows for time selection?

Which search string is the most efficient?

A field exists in search results, but isn't being displayed in the fields sidebar. How can it be added to the fields sidebar?

What must be done in order to use a lookup table in Splunk?

What can be configured using the Edit Job Settings menu?

Uploading local files though Upload options index the file only once.

Which Boolean operator is always implied between two search terms, unless otherwise specified?

By default, which of the following fields would be listed in the fields sidebar under interesting Fields?

Select the correct option that applies to Index time processing (Choose three.).

What does the stats command do?

Which of the following index searches would provide the most efficient search performance?

What are the steps to schedule a report?

In the fields sidebar, which character denotes alphanumeric field values?

Splunk Enterprise Certified Admin

Splunk Certified Developer

Splunk Enterprise Certified Architect

Splunk Enterprise Security Certified Admin

Splunk IT Service Intelligence Certified Admin

Splunk Core Certified Consultant

Filters