Fund1

Question 1

Machine data is always structured.

Answer 1

False

Question 2

Which of these is not a main component of Splunk?

• Compress and archive
• Search and investigate
• Add knowledge
• Collect and index data

Answer 2

Compress and archive

Question 3

Machine data makes up for more than ___% of the data accumulated by organizations.

Answer 3

90

Question 4

Machine data is only generated by web servers.

Answer 4

False

Question 5

Search strings are sent from the _________.

Answer 5

Search Head

Question 6

When a search is sent to splunk, it becomes a _____.

Answer 6

Search Job

Question 7

Commands that create statistics and visualizations are called _______________ commands.

Answer 7

Transforming

Question 8

Which search mode toggles behavior based on the type of search being run?

Answer 8

Smart

Question 9

Which is not a comparison operator in Splunk?
=
>
<=
!=
?=

Answer 9

?=

Question 10

Events are always returned in chronological order.

Answer 10

False

Question 11

As a general practice, exclusion is better than inclusion in a Splunk search.

Answer 11

False

Question 12

This symbol is used in the “Advanced” section of the time range picker to round down to nearest unit of specified time.

Answer 12

@

Question 13

What is the most efficient way to filter events in Splunk?

Answer 13

By Time

Question 14

Which command removes results with duplicate field values?

Answer 14

Dedup

Question 15

What is missing from this search?

{ sourcetype=a* | rename ip as “User IP” | table User IP }

Answer 15

Quotation marks around User IP.

Question 16

Would the ip column be removed in the results of this search? Why or why not?
{ sourcetype=a* | rename ip as “user” | fields - ip }

Answer 16

No, because the name was changed.

Question 17

Which stats function would you use to find the average value of a field?

Answer 17

avg

Question 18

To display the most common values in a specific field, what command would you use?

Answer 18

top

Question 19

Which one of these is not a stats function?

Answer 19

Addtotals

Question 20

What needs to be returned by a search to view results as a chart?

Answer 20

Statistical values

Question 21

In a dashboard, a time range picker will only work on panels that include a(n) __________ search.

Answer 21

inline

Question 22

A time range picker can be included in a report.

Answer 22

True

Question 23

These are knowledge objects that provide the data structure for pivot.

Answer 23

Data models

Question 24

Adding child data model objects is like the ______ Boolean in the Splunk search language.

Answer 24

AND

Question 25

The instant pivot button is displayed in the statistics and visualization tabs when a _______ search is run.

Answer 25

non-transforming

Question 26

When using a .csv file for Lookups, the first row in the file represents this.

Answer 26

Field names

Question 27

Finish this search command so that it displays data from the http_status.csv Lookup file. {_________ http_status.cvs }

Answer 27

inputlookup

Question 28

External data used by a Lookup can come from sources like:

Answer 28

Scripts Geospatial data CSV files

Question 29

Alerts can run uploaded scripts.

Answer 29

True

Question 30

Alerts can be shared to all apps.

Answer 30

True

Question 31

Once an alert is created, you can no longer edit its defining search.

Answer 31

False

Question 32

You can launch and manage apps from the home app.

Answer 32

True

Question 33

_________ define what users can do in Splunk.

Answer 33

Roles

Question 34

What are the three main default roles in Splunk Enterprise?

Answer 34

User, Admin, Power