Practice Free SPLK-1001 Exam Online Questions
Question #21
In the Splunk interface, the list of alerts can be filtered based on which characteristics?
- A . App, Owner, Severity, and Type
- B . App, Owner, Priority, and Status
- C . App, Dashboard, Severity, and Type
- D . App, Time Window, Type, and Severity
Question #22
Which statement is true about the top command?
- A . It returns the top 10 results
- B . It displays the output in table format
- C . It returns the count and percent columns per row
- D . All of the above
Question #23
What can be included in the All Fields option in the sidebar?
- A . Dashboards
- B . Metadata only
- C . Non-interesting fields
- D . Field descriptions
Question #24
The universal forwarder is recommended for forwarding logs to indexers.
- A . False
- B . True
Question #25
Which of the following is a correct way to limit search results to display the 5 most common values of a field?
- A . | rare top=5
- B . | top rare=5
- C . | top limit=5
- D . | rare limit=5
Question #26
Question #27
Given the following SPL search, how many rows of results would you expect to be returned by default?
index=security sourcetype=linux_secure (fail* OR invalid) | top src_ip
- A . 10
- B . 50
- C . 100
- D . 20
Question #28
Question #29
Question #30
How many minutes, by default, is the time to live (ttl) for an ad-hoc search job?
- A . 5 minutes
- B . 1 minute
- C . 10 minutes
- D . 60 minutes