Which of the following is a metadata field assigned to every event in Splunk?
A. host
B. owner
C. bytes
D. action
Which of the following represents the Splunk recommended naming convention for dashboards?
A. Description_Group_Object
B. Group_Description_Object
C. Group_Object_Description
D. Object_Group_Description
What syntax is used to link key/value pairs in search strings?
A. action+purchase
B. action=purchase
C. action | purchase
D. action equal purchase
When editing a dashboard, which of the following are possible options? (select all that apply)
A. Add an output.
B. Export a dashboard panel.
C. Modify the chart type displayed in a dashboard panel.
D. Drag a dashboard panel to a different location on the dashboard.
Three basic components of Splunk are (Choose three.):
A. Forwarders
B. Deployment Server
C. Indexer
D. Knowledge Objects
E. Index
F. Search Head
Which of the following key combinations puts a query onto separate lines wherever a | (pipe) is used?
A. CTRL + Enter
B. Shift + Enter
C. Space + Enter
D. ALT + Enter
The four types of Lookups that Splunk provides out-of-the-box are External, KV Store, Geospatial and which of the following?
A. Correlated
B. File-based
C. Total
D. Segmented
Which of the following reports is available in the Fields window?
A. Top values by time
B. Rare values by time
C. Events with top value fields
D. Events with rare value fields
In the Search and Reporting app, which is a default selected field?
A. index
B. action
C. _time
D. host