Practice Free SPLK-1001 Exam Online Questions

Question #1

Which of the following are functions of the stats command?

Question #2

Which Boolean operator is implied between search terms, unless otherwise specified?

Question #3

How does Splunk determine which fields to extract from data?

A . Splunk only extracts the most interesting data from the last 24 hours.
B . Splunk only extracts fields users have manually specified in their data.
C . Splunk automatically extracts any fields that generate interesting visualizations.
D . Splunk automatically discovers many fields based on sourcetype and key/value pairs found in the data.

Question #4

In automatic lookup definitions, the _____ fields are those that are not in the event data.

Question #5

By default, all users have DELETE permission to ALL knowledge objects.

Question #6

What is the default lifetime of every Splunk search job?

Question #7

This function of the stats command allows you to return the sample standard deviation of a field.

Question #8

Which is a primary function of the timeline located under the search bar?

A . To differentiate between structured and unstructured events in the data
B . To sort the events returned by the search command in chronological order
C . To zoom in and zoom out. although this does not change the scale of the chart
D . To show peaks and/or valleys in the timeline, which can indicate spikes in activity or downtime

Question #9

Which of the following is a Splunk search best practice?

Question #10

What is the result of the following search?

index=myindex source=c: mydata. txt NOT error=*

A . Only data where the error field is present and does not contain a value will be displayed.
B . Only data with a value in the field error will be displayed.
C . Only data that does not contain the error field will be displayed.
D . Only data where the value of the field error does not equal an asterisk (*) will be displayed.

1 2 3 4 5 6 7 8

Exams