Splunk Core User

Authored by Ricardo Garcia

Instructional Technology

Professional Development

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

26 questions

Show all answers

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

When linking key/value pairs in search strings, what syntax is used?

status-200

status | 200

status=200

status equals 200

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Out of the following queries, which search string returns a field where the number of matching events is stored, and then stored as Purchases?

index=access_combined_wcookie status=200 file="success.do" | stats sum as "Purchases"

index=access_combined_wcookie status=200 file="success.do" | stats count as "Purchases"

index=access_combined_wcookie status=200 file="success.do" | stats count by "Purchases"

index=access_combined_wcookie status=200 file="success.do" | stats dc(count) as "Purchases"

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which of the following search strings only returns events from the source access_30day.log?

source=*

source=access_30day.log

source=access_30day.*

Source=access_30day.log

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What is the default retention period of a search job in Splunk by default?

10 Minutes

15 Minutes

24 Hours

7 Days

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

In a typical Splunk deployment, which of the following components is found on the machine that originates the data?

Indexer

Forwarder

Search head

Deployment server

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

When a scheduled report is run, what is the scope of the data that will be included in the report?

The report will contain all the data that the User role has access to.

Reports display all information accessible to the owner.

Until the report is run again, all data that is accessible to all users will be included in the report.

Owners have the option of configuring permissions so that a report is run using either the User role or the owner's profile.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

The Boolean operator is just one of many search term components in Splunk. Which of the following is true about the boolean operator?

A boolean must be written in lowercase.

A boolean must be written in uppercase.

There must be quotation marks around booleans.

Parentheses are required around booleans.

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

21 questions

Plaster Storage and Performance Quiz

Quiz

•

Professional Development

22 questions

Kiến thức về Git và GitHub

Quiz

•

Professional Development

22 questions

CBT LATEST

Quiz

•

Professional Development

22 questions

FERPA, COPPA, CIPA, & Copyright -- YIPES!

Quiz

•

Professional Development

25 questions

Fire alarm II

Quiz

•

Professional Development

26 questions

Teens 1 - Final Quiz

Quiz

•

Professional Development

31 questions

Smartsheet Certification - Collaboration, Automation & Dashboard

Quiz

•

Professional Development

21 questions

Body filler Chapter 12

Quiz

•

Professional Development

Popular Resources on Wayground

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

29 questions

Alg. 1 Section 5.1 Coordinate Plane

Quiz

•

9th Grade

$fractions$

22 questions

fractions

Quiz

•

3rd Grade

11 questions

FOREST Effective communication

Lesson

•

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

Discover more resources for Instructional Technology

15 questions

LOTE_SPN2 5WEEK3 Day 2 Itinerary

Quiz

•

Professional Development

20 questions

Black History Month Trivia Game #1

Quiz

•

Professional Development

20 questions

90s Cartoons

Quiz

•

Professional Development

42 questions

LOTE_SPN2 5WEEK2 Day 4 We They Actividad 3

Quiz

•

Professional Development

6 questions

Copy of G5_U6_L3_22-23

Lesson

•

KG - Professional Dev...

20 questions

Employability Skills

Quiz

•

Professional Development

Splunk Core User

When linking key/value pairs in search strings, what syntax is used?

Out of the following queries, which search string returns a field where the number of matching events is stored, and then stored as Purchases?

Which of the following search strings only returns events from the source access_30day.log?

What is the default retention period of a search job in Splunk by default?

In a typical Splunk deployment, which of the following components is found on the machine that originates the data?

When a scheduled report is run, what is the scope of the data that will be included in the report?

The Boolean operator is just one of many search term components in Splunk. Which of the following is true about the boolean operator?

What search would return error events in index db_audit or failed or failing events in index linux_secure?

Based on the following search string, choose the answer that displays the correct pipe placement:
index=main sourcetype=access_combined_wcookie status=403 stats count as Transactions

When using the top command within your query, which of the following constraints can be applied?

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Instructional Technology

Splunk Core User

When linking key/value pairs in search strings, what syntax is used?

Out of the following queries, which search string returns a field where the number of matching events is stored, and then stored as Purchases?

Which of the following search strings only returns events from the source access_30day.log?

What is the default retention period of a search job in Splunk by default?

In a typical Splunk deployment, which of the following components is found on the machine that originates the data?

When a scheduled report is run, what is the scope of the data that will be included in the report?

The Boolean operator is just one of many search term components in Splunk. Which of the following is true about the boolean operator?

What search would return error events in index db_audit or failed or failing events in index linux_secure?

Based on the following search string, choose the answer that displays the correct pipe placement:index=main sourcetype=access_combined_wcookie status=403 stats count as Transactions

When using the top command within your query, which of the following constraints can be applied?

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Instructional Technology

Based on the following search string, choose the answer that displays the correct pipe placement:
index=main sourcetype=access_combined_wcookie status=403 stats count as Transactions