What is the default lifetime of every Splunk search job?

All search jobs are saved for 10 minutes

All search jobs are saved for 10 days

All search jobs are saved for 10 hours

All search jobs are saved for 10 weeks

Which search will return the 15 least common field values for the dest_ip field?

sourcetype=firewall | rare limit=15 dest_ip

sourcetype=firewall | rare num=15 dest_ip

sourcetype=firewall | rare last=15 dest_ip

sourcetype=firewall | rare count=15 dest_ip

When is an alert triggered?

When results of a search meet a specifically defined condition

When Splunk encounters a syntax error in a search

When a trigger action meets the predefined conditions

When an event in a search matches up with a data model

What are the three main Splunk components?

Search head, indexer, forwarder

Search head, SQL database, forwarder

Search head, SSD, heavy weight agent

Which statement describes field discovery at search time?

Splunk automatically discovers only fields directly related to the search results

Splunk automatically discovers only numeric fields

Splunk automatically discovers only alphanumeric fields

Splunk automatically discovers only manually configured fields

What is the result of the following search? index=myindex source=c:\mydata.txt NOT error=*

Only data that does not contain the error field will be displayed.

Only data where the value of the field error does not equal an asterisk (*) will be displayed.

Only data with a value in the field error will be displayed.

Only data where the error field is present and does not contain a value will be displayed.

When refining search results, what is the difference in the time picker between real-time and relative time ranges?

Real-time searches display results from a rolling time window, while relative searches display results from a set length of time.

Real-time searches happen instantly, while relative searches happen at a scheduled time.

Real-time represents events that have happened in a set time window, while relative will display results from a rolling time window.

Real-time searches run constantly in the background, while relative searches only run when certain criteria are met.

A SOC manager is complaining that a scheduled alert for failed login attempts triggered 150 emails. They still want to be alerted of failed logins via email, but they want less volume of alerts. Which of the following would resolve this for the SOC manager?

Change the trigger from "For each result" to "Once''.

Change the schedule so the alert runs more frequently.

Change the alert action from email to webhook.

Which of the following is the appropriately formatted SPL search?

index=security sourcetype=linux_secure (invalid OR failed) | stats count as "Potential Issues"

index=security sourcetype=linux_secure (invalid OR failed) | count as "Potential Issues"

index=security sourcetype=linux_secure (invalid OR failed) | count stats as "Potential Issues"

index=security sourcetype=linux_secure (invalid OR failed) | stats as "Potential Issues"

When using the top command in the following search, which of the following will be true about the results? index="main" sourcetype="access_*" action="purchase" | top 3 statusCcde by user showperc=f countfield=status_code_count

The top three most common values in statusCode will be displayed for each user.

The percentage field will be displayed in the results.

The search will fail. The proper top command format is top limit=3 instead of top 3.

Only the top three overall most common values in statusCode will be displayed.

When using the following search arguments, what will be returned? | timechart count span=1h

chart of events in 1 hour chunks

events with a duration of 1 hour

What will the strftime function return when using the %H argument with the _time field? Select all that apply.

convert the hour into your local time based on your time zone setting of your Splunk web sessions

hour of the event generated at index time

Which of the following methods can be used to manually extract fields? Select all that apply.

The Regular Expression Generator

What are the primary functions of a workflow action? Select all that apply

Communicating with an external source using the HTTP GET method

Passing information back to Splunk to run a secondary search

Communicating with an external source using the HTTP POST method

Passing information to external deployments to query additional indexes

By default, when a knowledge object is created, who can access its contents?

The user who created it or a user with an admin role

Any power user in the environment

Any user of the app in which it was created

When a user has left your organization, what happens to their knowledge objects?

An admin can reassign them to another user.

They are automatically reassigned to an admin.

They are automatically reassigned to a power user.

A power user can reassign them to another user.

If a dashboard panel is powered by a scheduled report, how frequently will its contents update?

The dashboard panel updates based on the underlying report's scheduling settings.

Dashboard panels will update based on the dashboard's time range picker.

Dashboard panels cannot be linked to scheduled reports.

The dashboard panel updates any time the dashboard is opened or manually refreshed.

When are actions triggered for a real-time alert?

As soon as alert conditions are met

Within a five minute window of its cron schedule

As soon as the related report is run

Within a 60 second window of its cron schedule

Splunk Quiz 4

Quiz

•

Instructional Technology

•

Professional Development

•

Practice Problem

•

Easy

Test Cape

Used 3+ times

FREE Resource

Student preview

The number of unique values for the field

The numeric non-unique values of the field

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Popular Resources on Wayground

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

54 questions

Analyzing Line Graphs & Tables

Quiz

•

4th Grade

$fractions$

22 questions

fractions

Quiz

•

3rd Grade

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

15 questions

Equivalent Fractions

Quiz

•

4th Grade

Discover more resources for Instructional Technology

10 questions

Reading a ruler in Inches

Quiz

•

4th Grade - Professio...