Splunk Core Certified User v1.0

Page:    1 / 14   
Exam contains 213 questions

When an alert action is configured to run a script, Splunk must be able to locate the script.
Which is one of the directories Splunk will look in to find the script?

  • A. $SPLUNK_HOME/bin/scripts
  • B. $SPLUNK_HOME/etc/scripts
  • C. $SPLUNK_HOME/bin/etc/scripts
  • D. $SPLUNK_HOME/etc/scripts/bin


Answer : A

Reference:
https://docs.splunk.com/Documentation/Splunk/7.2.6/Alert/Configuringscriptedalerts

Which Boolean operator is always implied between two search terms, unless otherwise specified?

  • A. OR
  • B. NOT
  • C. AND
  • D. XOR


Answer : C

Reference:
https://docs.splunk.com/Documentation/Splunk/7.2.6/Search/Booleanexpressions

What does the values function of the stats command do?

  • A. Lists all values of a given field.
  • B. Lists unique values of a given field.
  • C. Returns a count of unique values for a given field.
  • D. Returns the number of events that match the search.


Answer : C

Which stats command function provides a count of how many unique values exist for a given field in the result set?

  • A. dc(field)
  • B. count(field)
  • C. count-by(field)
  • D. distinct-count(field)


Answer : A

Reference:
https://docs.splunk.com/Documentation/Splunk/7.2.6/Search/Usethestatscommandandfunctions

A collection of items containing things such as data inputs, UI elements, and knowledge objects is known as what?

  • A. An app
  • B. JSON
  • C. A role
  • D. An enhanced solution


Answer : A

Which statement is true about Splunk alerts?

  • A. Alerts are based on searches that are either run on a scheduled interval or in real-time.
  • B. Alerts are based on searches and when triggered will only send an email notification.
  • C. Alerts are based on searches and require cron to run on scheduled interval.
  • D. Alerts are based on searches that are run exclusively as real-time.


Answer : A

What is the purpose of using a by clause with the stats command?

  • A. To group the results by one or more fields.
  • B. To compute numerical statistics on each field.
  • C. To specify how the values in a list are delimited.
  • D. To partition the input data based on the split-by fields.


Answer : A

Reference:
https://docs.splunk.com/Documentation/Splunk/7.2.6/SearchReference/Stats#1._Compare_the_difference_between_using_the_stats_and_chart_commands

How do you add or remove fields from search results?

  • A. Use field + to add and field - to remove.
  • B. Use table + to add and table - to remove.
  • C. Use fields + to add and fields - to remove.
  • D. Use fields Plus to add and fields Minus to remove.


Answer : C

Reference:
https://docs.splunk.com/Documentation/Splunk/7.2.6/SearchReference/Fields

A field exists in search results, but isn't being displayed in the fields sidebar.
How can it be added to the fields sidebar?

  • A. Click All Fields and select the field to add it to Selected Fields.
  • B. Click Interesting Fields and select the field to add it to Selected Fields.
  • C. Click Selected Fields and select the field to add it to Interesting Fields.
  • D. This scenario isn't possible because all fields returned from a search always appear in the fields sidebar.


Answer : A

In the fields sidebar, which character denotes alphanumeric field values?

  • A. #
  • B. %
  • C. a
  • D. a#


Answer : C

What is the main requirement for creating visualizations using the Splunk UI?

  • A. Your search must transform event data into Excel file format first.
  • B. Your search must transform event data into XML formatted data first.
  • C. Your search must transform event data into statistical data tables first.
  • D. Your search must transform event data into JSON formatted data first.


Answer : B

What syntax is used to link key/value pairs in search strings?

  • A. action+purchase
  • B. action=purchase
  • C. action | purchase
  • D. action equal purchase


Answer : B

What user interface component allows for time selection?

  • A. Time summary
  • B. Time range picker
  • C. Search time picker
  • D. Data source time statistics


Answer : B

Which of the following searches will return results where fail, 400, and error exist in every event?

  • A. error AND (fail AND 400)
  • B. error OR (fail and 400)
  • C. error AND (fail OR 400)
  • D. error OR fail OR 400


Answer : C

When placed early in a search, which command is most effective at reducing search execution time?

  • A. dedup
  • B. rename
  • C. sort -
  • D. fields +


Answer : A
