Practice Free SPLK-1001 Exam Online Questions
Question #51
Which of the following fields is stored with the events in the index?
- A . user
- B . source
- C . location
- D . sourcelp
Question #52
Question #53
How can search results be kept longer than 7 days?
- A . By scheduling a report.
- B . By creating a link to the job.
- C . By changing the job settings.
- D . By changing the time range picker to more than 7 days.
Question #54
This function of the stats command allows you to return the middle-most value of field X.
- A . Median(X)
- B . Eval by X
- C . Fields(X)
- D . Values(X)
Question #55
What will always appear in the Selected Fields list?
- A . index
- B . action
- C . clientip
- D . sourcetype
Question #56
NOT status = 100:
- A . Will display results depending on the data.
- B . Will return events where the status field exists but the value of that field is not 100.
- C . Will return events where the status field exists but the value of that field is not 100, and all events where the status field doesn’t exist.
Question #57
Which of the following statements about case sensitivity is true?
- A . Both field names and field values ARE case sensitive.
- B . Field names ARE case sensitive; field values are NOT.
- C . Field values ARE case sensitive; field names ARE NOT.
- D . Both field names and field values ARE NOT case sensitive.
Question #58
Which search string only returns events from host WWW3?
- A . host=WWW3
- B . host=WWW*
- C . Host=WWW3
Question #59
______________ is the default web port used by Splunk.
- A . 8089
- B . 8000
- C . 8080
- D . 443
Question #60
How can another user gain access to a saved report?
- A . The owner of the report can edit permissions from the Edit dropdown
- B . Only users with an Admin or Power User role can access other users’ reports
- C . Anyone can access any reports marked as public within a shared Splunk deployment
- D . The owner of the report must clone the original report and save it to their user account