Practice Free SPLK-1001 Exam Online Questions – Page 4

Question #31

When is an alert triggered?

A . When Splunk encounters a syntax error in a search
B . When a trigger action meets the predefined conditions
C . When an event in a search matches up with a data model
D . When results of a search meet a specifically defined condition

Reveal Solution Hide Solution

Question #32

Which of the following is a Splunk internal field?

A . _raw
B . host
C . _host
D . index

Reveal Solution Hide Solution

Question #33

In the fields sidebar, what indicates that a field is numeric?

A . A number to the right of the field name.
B . A # symbol to the left of the field name.
C . A lowercase n to the left of the field name.
D . A lowercase n to the right of the field name.

Reveal Solution Hide Solution

Question #34

Which of the following searches would return only events that match the following criteria?

• Events are inside the main index

• The field status exists in the event

• The value in the status field does not equal 200

A . index==main status!==200
B . index=main NOT status=200
C . index==main NOT status==200
D . index-main status!=200

Reveal Solution Hide Solution

Question #35

When viewing the results of a search, what is an Interesting Field?

A . A field that appears in any event
B . A field that appears in every event
C . A field that appears in the top 10 events
D . A field that appears in at least 20% of the events

Reveal Solution Hide Solution

Question #36

Which of the statements is correct regarding click and drag option in timeline?

A . The new result after selecting the range by dragging filters the events and displays the most recent first.
B . There is no functionality like click and drag in Splunk’s timeline.
C . Using this option executes a new query.
D . This doesn’t execute a new query

Reveal Solution Hide Solution

Question #37

What options do you get after selecting timeline? (Choose four.)