Back

Practice Free SPLK-1001 Exam Online Questions

Question #11

Which of the following is an option after clicking an item in search results?

  • A . Saving the item to a report
  • B . Adding the item to the search.
  • C . Adding the item to a dashboard
  • D . Saving the search to a JSON file.

Reveal Solution Hide Solution

Question #12

Which of the following searches will show the number of categoryld used by each host?

  • A . Sourcetype=access_* |sum bytes by host
  • B . Sourcetype=access_* |stats sum(categorylD) by host
  • C . Sourcetype=access_* |sum(bytes) by host
  • D . Sourcetype=access_* |stats sum by host

Reveal Solution Hide Solution

Question #13

By default, which role contains the minimum permissions required to have write access to Splunk alerts?

  • A . User
  • B . Alerting
  • C . Power
  • D . Admin

Reveal Solution Hide Solution

Question #14

In the fields sidebar, which character denotes alphanumeric field values?

  • A . #
  • B . %
  • C . a
  • D . a#

Reveal Solution Hide Solution

Question #15

In a deployment with multiple indexes, what will happen when a search is run and an index is not specified in the search string?

  • A . No events will be returned.
  • B . Splunk will prompt you to specify an index.
  • C . All non-indexed events to which the user has access will be returned.
  • D . Events from every index searched by default to which the user has access will be returned.

Reveal Solution Hide Solution

Question #16

Define the lookup

  • A . 2,1,3
  • B . 1,2,3
  • C . 2,3,1
  • D . 3,2,1

Reveal Solution Hide Solution

Question #17

Which of the following is a best practice when writing a search string?

  • A . Include all formatting commands before any search terms
  • B . Include at least one function as this is a search requirement
  • C . Include the search terms at the beginning of the search string
  • D . Avoid using formatting clauses as they add too much overhead

Reveal Solution Hide Solution

Question #18

Fields are searchable name and value pairings that differentiates one event from another.

  • A . False
  • B . True

Reveal Solution Hide Solution

Question #19

Assuming a user has the capability to edit reports, which of the following are editable?

  • A . Acceleration, schedule, permissions
  • B . The report’s name, schedule, permissions
  • C . The report’s name, acceleration, schedule
  • D . The report’s name, acceleration, permissions

Reveal Solution Hide Solution

Question #20

What is a primary function of a scheduled report?

  • A . Auto-detect changes in performance
  • B . Auto-generated PDF reports of overall data trends
  • C . Regularly scheduled archiving to keep disk space use low
  • D . Triggering an alert in your Splunk instance when certain conditions are met

Reveal Solution Hide Solution