Splunk Fundamentals 2

Question 1

What does a Sparse search type mean?

• Returns a small number of results from each index bucket matching the search
• A small percentage of the data matches the search
• A large percentage of the data matches the search
• The indexer checks all buckets to find results, bot bloom filters eliminate those buckets that don’t include search results

Answer 1

A small percentage of the data matches the search

Question 2

NOT,OR,AND are examples of what?

• Comparisons
• Booleans
• Keywords
• Phrases

Answer 2

Booleans

Question 3

What is the fields command used for?

• Includes or excludes specified fields
• Renames a field in results
• Returns table containing only specified fields in result set
• Removes duplicates from results

Answer 3

Includes or excludes specified fields

Question 4

What happens when you select Multi-series: Yes with timechart command?

• “Yes” causes each field value to share the x-axis
• “Yes” causes the y-axis to split for each field value
• “Yes” causes each field value to share the y-axis
• “Yes” causes the x-axis to split for each field value

Answer 4

“Yes” causes the y-axis to split for each field value

Question 5

Which of the following are case sensitive in Splunk?

• Tags
• Field names
• Boolean operations
• Field values

Answer 5

Tags, Field names, Boolean operations

Question 6

What is wrong with the following search? Index=_internal sourcetype=splunkd or sourcetype=audittrail | timechart count BY component

• Boolean operator should be uppercase
• “I” in Index should be lowercase
• Command clause should be lowercase
• There is no “timechart” command

Answer 6

Boolean operator should be uppercase, “I” in Index should be lowercase, Command clause should be lowercase

Question 7

Which of the following are transforming search commands?

• top
• stats
• timechart
• fields

Answer 7

top, stats, timechart

Question 8

Which of the following are search types in Splunk?

• Super Sparse
• Sparse
• Dense
• Rare

Answer 8

Sparse, Dense, Rare

Question 9

Splunk contains several chart types, which of the following are chart types?

• Table
• Area
• Line
• Pie

Answer 9

Area, Line, Pie

Question 10

How many results does chart and timechart command automatically filter to include?

• 5 highest values
• 10 lowest values
• 10 highest values
• 5 lowest values

Answer 10

10 highest values

Question 11

When using the timechart command, which field is the x-axis?

• value
• sourcetype
• _time
• product

Answer 11

_time

Question 12

The iplocation command can be used to add location information to events. Which information fields are added by the command?

• Country
• Latitude
• Longitude
• Continent

Answer 12

Country, Latitude, Longitude

Question 13

What is the trendline command used for?

• Allows you to overlay a computed moving “count” on a chart.
• Allows you to overlay a computed moving “sum” on a chart.
• Allows you to overlay a computed moving “avg” on a chart.
• Allows you to overlay a computed moving “dc” on a chart.

Answer 13

Allows you to overlay a computed moving “avg” on a chart.

Question 14

What values must be included for geostats command?

• latitude
• logitude
• _time
• count

Answer 14

latitude, logitude

Question 15

Which command(s) can be used to filter results?

• filter
• where
• search
• showonly

Answer 15

where

Question 16

The transaction command produces additional fields, which ones?

• summary
• eventcount
• duration
• transaction

Answer 16

eventcount, duration

Question 17

By default, there’s a limit of 1000 events per transaction. Which .conf file should you edit to override this value?

• server.conf
• limits.conf
• props.conf
• transforms.conf

Answer 17

props.conf

Question 18

Which of the following are examples of knowledge objects in Splunk?

• Lookups
• Eventtypes
• Field extractions
• Indexes

Answer 18

Lookups, Eventtypes, Field extractions

Question 19

What methods can you use to extract fields with the field extractor(fx)?

• XML
• Delimiter
• Regex
• JSON

Answer 19

Delimiter, Regex

Question 20

Where should you navigate to create a calculated field?

• Settings > Fields > Field extractions > New Calculated Field
• Settings > Fields > Field transformations > New Calculated Field
• Settings > Fields > Calculated Fields > New Calculated Field
• Settings > Fields > Field aliases > New Calculated Field

Answer 20

Settings > Fields > Calculated Fields > New Calculated Field

Question 21

What’s the keyboard shortcuts to check the content of a macro from the search bar?

• Command+Shift+M / Control+Shift+M
• Command+Shift+F / Control+Shift+F
• Command+Shift+E / Control+Shift+E
• Command+Shift+A / Control+Shift+A

Answer 21

Command+Shift+E / Control+Shift+E

Question 22

Which types of datasets can a data model consist of?

• Transactions
• Events
• Searches
• Metrics

Answer 22

Transactions, Events, Searches

Question 23

What is the Common Information Model (CIM) Add-on used for?

• Create workflow actions
• Ingest data from CIM data sources
• Normalization of data
• Alert trigger actions

Answer 23

Normalization of data