Select the answer that displays the accurate placing of the pipe in the following search string: index=security sourcetype=access_* status=200 stats count by price

index=security sourcetype=access_* status=200 | stats count by price

index=security sourcetype=access_* status=200 stats | count by price

index=security sourcetype=access_* status=200 | stats count | by price

index=security sourcetype=access_* | status=200 | stats count by price

When editing a dashboard, which of the following are possible options? (Choose all that apply.)

Modify the chart type displayed in a dashboard panel.

Drag a dashboard panel to a different location on the dashboar

How can search results be kept longer than 7 days?

By changing the time range picker to more than 7 days.

Which of the following is a Splunk search best practice?

Never specify more than one index.

Include as few search terms as possible.

Use wildcards to return more search results.

When looking at a dashboard panel that is based on a report, which of the following is true?

You cannot modify the search string in the panel, but you can change and configure the visualization.

You can modify the search string in the panel, and you can change and configure the visualization.

You can modify the search string in the panel, but you cannot change and configure the visualization.

You cannot modify the search string in the panel, and you cannot change and configure the visualization.

When displaying results of a search, which of the following is true about line charts?

Line charts are optimal for single and multiple series.

Line charts are optimal for single series when using Fast mode.

Line charts are optimal for multiple series with 3 or more columns.

Line charts are optimal for multiseries searches with at least 2 or more columns.

How are events displayed after a search is executed?

In reverse chronological order.

Alphabetically according to field name.

Which of the following is true about user account settings and preferences?

Full name, time zone, and default app can be defined by clicking the login name in the Splunk bar.

Search & Reporting is the only app that can be set as the default application.

Full names can only be changed by accounts with a Power User or Admin role.

Time zones are automatically updated based on the setting of the computer accessing Splunk.

What is a primary function of a scheduled report?

Triggering an alert in your Splunk instance when certain conditions are met.

Auto-detect changes in performance.

Auto-generated PDF reports of overall data trends.

Regularly scheduled archiving to keep disk space use low.

After running a search, what effect does clicking and dragging across the timeline have?

Filters current search results.

Moves to past or future events.

Expands the time range of the search.

What must be done in order to use a lookup table in Splunk?

The lookup file must be uploaded to Splunk and a lookup definition must be create

The lookup must be configured to run automatically.

The contents of the lookup file must be copied and pasted into the search bar.

The lookup file must be uploaded to the etc/apps/lookups folder for automatic ingestion.

Which time range picker configuration would return real-time events for the past 30 seconds?

Real-time - Earliest: 30-seconds ago, Latest: Now

Preset - Relative: 30-seconds ago

Relative - Earliest: 30-seconds ago, Latest: Now

Advanced - Earliest: 30-seconds ago, Latest: Now

What is one benefit of creating dashboard panels from reports?

Any change to the underlying report will affect every dashboard that utilizes that report.

Any newly created dashboard will include that report.

There are no benefits to creating dashboard panels from reports.

It makes the dashboard more efficient because it only has to run one search string.

Which of the following statements about case sensitivity is true?

Field names ARE case sensitive; field values are NOT.

Both field names and field values ARE case sensitive.

Field values ARE case sensitive; field names ARE NOT.

Both field names and field values ARE NOT case sensitive.

What does the rare command do?

Returns the least common field values of a given field in the results.

Returns the most common field values of a given field in the results.

Returns the top 10 field values of a given field in the results.

Returns the lowest 10 field values of a given field in the results.

What does the values function of the stats command do?

Lists unique values of a given fiel

Lists all values of a given fiel

Returns a count of unique values for a given fiel

Returns the number of events that match the search.

Which statement is true about Splunk alerts?

Alerts are based on searches that are either run on a scheduled interval or in real-time.

Alerts are based on searches and when triggered will only send an email notification.

Alerts are based on searches and require cron to run on scheduled interval.

Alerts are based on searches that are run exclusively as real-time.

What is the purpose of using a by clause with the stats command?

To group the results by one or more fields.

To compute numerical statistics on each fiel

To specify how the values in a list are delimite

To partition the input data based on the split-by fields.

How do you add or remove fields from search results?

Use fields Plus to add and fields Minus to remove.

Use field + to add and field - to remove.

Use table +to add and table -to remove.

Use fields +to add and fields ""to remove.

A field exists in search results, but isn"t being displayed in the fields sidebar. How can it be added to the fields sidebar?

Click All Fields and select the field to add it to Selected Fields.

Click Interesting Fields and select the field to add it to Selected Fields.

Click Selected Fields and select the field to add it to Interesting Fields.

This scenario isn"™t possible because all fields returned from a search always appear in the fields sidebar.

What is the main requirement for creating visualizations using the Splunk UI?

Your search must transform event data into statistical data tables first.

Your search must transform event data into Excel file format first.

Your search must transform event data into XML formatted data first.

Your search must transform event data into JSON formatted data first.

How does Splunk determine which fields to extract from data?

Splunk automatically discovers many fields based on sourcetype and key/value pairs found in the dat

Splunk only extracts the most interesting data from the last 24 hours.

Splunk only extracts fields users have manually specified in their dat

Splunk automatically extracts any fields that generate interesting visualizations.

What syntax is used to link key/value pairs in search strings?

Relational operators such as =, <, or >

Which search string returns a filed containing the number of matching events and names that field Event Count?

index=security failure | stats count as "Event Count"

index=security failure | stats sum as "Event Count"

index=security failure | stats count by "Event Count"

index=security failure | stats dc(count) as "Event Count"

Splunk 1/100

Authored by Sebastián Gutiérrez

Specialty

Professional Development

Used 2+ times

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

100 questions

Show all answers

MULTIPLE CHOICE QUESTION

45 sec • 1 pt

Which search string only returns events from hostWWW3?

host=*

host=WWW3

host=WWW*

Host=WWW3

MULTIPLE CHOICE QUESTION

45 sec • 1 pt

By default, how long does Splunk retain a search job?

10 Minutes

15 Minutes

1 Day

7 Days

MULTIPLE CHOICE QUESTION

45 sec • 1 pt

What must be done before an automatic lookup can be created? (Choose all that apply.)

The lookup command must be use

The lookup definition must be create

The lookup file must be uploaded to Splunk.

The lookup file must be verified using the inputlookup comman

MULTIPLE CHOICE QUESTION

45 sec • 1 pt

Which of the following Splunk components typically resides on the machines where data originates?

Indexer

Forwarder

Search head

Deployment server

MULTIPLE CHOICE QUESTION

45 sec • 1 pt

What determines the scope of data that appears in a scheduled report?

All data accessible to the User role will appear in the report.

All data accessible to the owner of the report will appear in the report.

All data accessible to all users will appear in the report until the next time the report is run.

The owner of the report can configure permissions so that the report uses either the User role or the owners profile at run time.

MULTIPLE CHOICE QUESTION

45 sec • 1 pt

When writing searches in Splunk, which of the following is true about Booleans?

They must be lowercase.

They must be uppercase.

They must be in quotations.

They must be in parentheses.

MULTIPLE CHOICE QUESTION

45 sec • 1 pt

Which of the following searches would return events with failure in index netfw or warn or critical in index netops?

(index=netfw failure) AND index=netops warn OR critical

(index=netfw failure) OR (index=netops (warn OR critical))

(index=netfw failure) AND (index=netops (warn OR critical))

(index=netfw failure) OR index=netops OR (warn OR critical)

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

100 questions

Soal Pengawas Berprestasi

Quiz

•

Professional Development

100 questions

Transformers - Learning Outcomes

Quiz

•

Professional Development

Popular Resources on Wayground

10 questions

5.P.1.3 Distance/Time Graphs

Quiz

•

5th Grade

10 questions

Fire Drill

Quiz

•

2nd - 5th Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

15 questions

Hargrett House Quiz: Community & Service

Quiz

•

5th Grade

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

20 questions

Inferences

Quiz

•

4th Grade

15 questions

Equivalent Fractions

Quiz

•

4th Grade

Discover more resources for Specialty

16 questions

Parallel, Perpendicular, and Intersecting Lines

Quiz

•

KG - Professional Dev...

35 questions

World War Two 8th G

Quiz

•

6th Grade - Professio...

7 questions

DOL REC: Solutions & Solubility Curves

Quiz

•

Professional Development

20 questions

Block Buster Movies

Quiz

•

10th Grade - Professi...

20 questions

NCAA Logo Quiz

Quiz

•

Professional Development

Splunk 1/100

Which search string only returns events from hostWWW3?

By default, how long does Splunk retain a search job?

What must be done before an automatic lookup can be created? (Choose all that apply.)

Which of the following Splunk components typically resides on the machines where data originates?

What determines the scope of data that appears in a scheduled report?

When writing searches in Splunk, which of the following is true about Booleans?

Which of the following searches would return events with failure in index netfw or warn or critical in index netops?

Select the answer that displays the accurate placing of the pipe in the following search string: index=security sourcetype=access_* status=200 stats count by price

Which of the following constraints can be used with the top command?

When editing a dashboard, which of the following are possible options? (Choose all that apply.)

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Specialty