Practice Free SPLK-1001 Exam Online Questions
Question #71
Which statement is true about Splunk alerts?
- A . Alerts are based on searches that are either run on a scheduled interval or in real-time.
- B . Alerts are based on searches and when triggered will only send an email notification.
- C . Alerts are based on searches and require cron to run on scheduled interval.
- D . Alerts are based on searches that are run exclusively as real-time.
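The distinction the question turns on is scheduled versus real-time alerting, and the fact that Splunk's scheduler reads cron syntax itself rather than depending on the operating system's cron. The following savedsearches.conf fragment is an added example written for this page, not content from the exam or from Splunk's documentation; the stanza names, index names, search logic and the e-mail and webhook targets are invented placeholders. The first stanza is a scheduled alert, the second a real-time alert with a rolling one-minute window; both lead their search with index and sourcetype so the indexer narrows the data before any other filtering:

```ini
# savedsearches.conf (added example; all names and addresses are hypothetical)

# Scheduled alert: runs every 15 minutes over the previous 15 minutes.
# cron_schedule is interpreted by Splunk's own scheduler, not by system cron.
[SSH brute force per source]
search = index=security sourcetype=linux_secure "Failed password" | stats count BY src_ip | where count > 20
dispatch.earliest_time = -15m@m
dispatch.latest_time = now
enableSched = 1
cron_schedule = */15 * * * *
# Trigger when the search returns at least one result row.
alert_type = number of events
alert_comparator = greater than
alert_threshold = 0
# Record triggered instances under Triggered Alerts and set severity (1-6).
alert.track = 1
alert.severity = 4
# More than one action can fire: e-mail plus a webhook to a ticketing system.
action.email = 1
action.email.to = soc@example.com
action.webhook = 1
action.webhook.param.url = https://hooks.example.com/splunk-alerts

# Real-time alert: the rt- prefix on the time range keeps the search running
# continuously over a sliding window instead of on a schedule.
[Privileged account created]
search = index=wineventlog sourcetype=XmlWinEventLog EventCode=4720
dispatch.earliest_time = rt-1m
dispatch.latest_time = rt
enableSched = 1
alert_type = number of events
alert_comparator = greater than
alert_threshold = 0
alert.track = 1
alert.severity = 5
action.email = 1
action.email.to = soc@example.com
```

Real-time searches hold a search process open on the search head for as long as the alert is enabled, so reserve them for cases where minutes of latency matter; a scheduled alert with a short interval covers most detection use cases at far lower cost.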
Question #72
By default, which of the following fields would be listed in the fields sidebar under Interesting Fields?
- A . host
- B . index
- C . source
- D . sourcetype
Question #73
What are the two most efficient search filters?
- A . _time and host
- B . _time and index
- C . host and sourcetype
- D . index and sourcetype
Question #74
Log filtering/parsing can be done from _____________.
- A . Index Forwarders (IF)
- B . Universal Forwarders (UF)
- C . Super Forwarder (SF)
- D . Heavy Forwarders (HF)
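Filtering and parsing happen in the parsing pipeline, which a heavy forwarder has and a universal forwarder does not, so props.conf and transforms.conf rules of the kind below take effect on a heavy forwarder (or on the indexer) but are ignored if placed on a universal forwarder. The fragment is an added example for this page, not material from the exam or from Splunk; the sourcetype, regexes and stanza names are hypothetical. It shows the standard "drop everything, then keep what matches" pattern for sending noise to nullQueue, plus a SEDCMD that masks credentials before they are written to disk:

```ini
# props.conf on the heavy forwarder (added example; names are hypothetical)
[linux_secure]
# Transforms run in the listed order; a later transform overrides an earlier
# one for the same event, so list the drop rule first and the keep rule last.
TRANSFORMS-filter = drop_everything, keep_auth_events
# Mask anything that looks like an inline password before indexing.
SEDCMD-mask_password = s/password=\S+/password=****/g

# transforms.conf on the heavy forwarder
[drop_everything]
# Matches every event and routes it to nullQueue (discarded, not indexed).
REGEX = .
DEST_KEY = queue
FORMAT = nullQueue

[keep_auth_events]
# Events matching these patterns are put back on indexQueue and kept.
REGEX = (Failed password|Accepted publickey|Accepted password|sudo:)
DEST_KEY = queue
FORMAT = indexQueue
```

Two checks worth doing before relying on this in production: confirm the sourcetype stanza name matches what inputs.conf assigns (a mismatch silently applies no filtering), and search the target index after a restart to verify that only the kept patterns arrive, since dropped events leave no trace and an over-broad REGEX in the drop rule can blind a detection.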
Question #75
You can on-board data to Splunk using the following means (Choose four.):
- A . Props
- B . CLI
- C . Splunk Web
- D . savedsearches.conf
- E . Splunk apps and add-ons
- F . indexes.conf
- G . inputs.conf
- H . metadata.conf
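Of the file-based options, inputs.conf is the one that actually defines an input; props.conf and indexes.conf shape how data is parsed and stored once it arrives. The fragment below is an added example for this page, not from the exam or from Splunk; the paths, index names and sourcetypes are hypothetical. It defines two monitor inputs, one plain and one that uses whitelist and blacklist to limit which files in a directory are read:

```ini
# inputs.conf on a forwarder (added example; paths and names are hypothetical)

# Monitor a single file. index must already exist on the indexers; events sent
# to a non-existent index are dropped unless lastChanceIndex is configured.
[monitor:///var/log/secure]
index = security
sourcetype = linux_secure
disabled = 0

# Monitor a directory, reading only rotated and current access logs and
# skipping compressed archives. whitelist and blacklist are regexes matched
# against the full path; blacklist wins when both match.
[monitor:///var/log/nginx]
index = web
sourcetype = nginx:access
whitelist = access\.log(\.\d+)?$
blacklist = \.gz$
disabled = 0
```

After deploying the stanza, a quick check is a search such as `index=security sourcetype=linux_secure | head 5`; if nothing appears, look at `index=_internal source=*splunkd.log* component=TailingProcessor` on the forwarder for permission or path errors before assuming a parsing problem.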