Splunk Certification Questions & Answers Already Graded A+

5 Main components of Splunk ES - Answer-Index Data, Search & investigate, Add knowledge, Monitor & Alert, Report & Analyze. What does index data do? (3) - Answer-1. Collects data 2. Label data with source type 3. Stored in splunk index Three main roles in splunk? (3) - Answer-Admin, Power, User An admin does what? - Answer-Install apps, create knowledge objects for all users (what apps a user will see by default) A power user does what? - Answer-Creates and shares knowledge objects for users of app, real-time searches A Splunk user does what? - Answer-Only see own knowledge objects and those shared to them. Apps in Splunk? - Answer-1. Pre-built dashboards, reports, alerts and workflows 2. In-depth data analysis for power users 3. Search & Reporting What does the search and reporting app do in splunk? - Answer-Creates knowledge objects, reports, and dashboards The seven main components in splunk searching and reporting? - Answer-1. Splunk bar 2. App bar 3. Search bar 4. Time range picker5. How to search panel 6. What to search panel 7. Search History What does the time range picker do? - Answer-Allow search by preset times, relative times. Real time (earliest, latest), date range. Retrieve events over a specific time period. Limiting search by ___________ is key to faster results and is a best practice - Answer-time The time range picker is set to _________ by default. - Answer-All-time Search jobs are available after ____ minutes by default. - Answer-10 ________ commands create statistics and visualizations. - Answer-Transforming ________ tab is default tab for searches - Answer-Event What are the three main search modes? - Answer-Fast, Verbose, and Smart _______ mode discovery off for event searches. No event or field data for stats searches. - Answer-Fast ______ mode all events and field data; switches to this mode after visualization - Answer-Verbose ______ mode (default-based on search string data). Field discovery ON for event searches. No event or field data for stats searches. - Answer-Smart This search action button "Job V" does what? - Answer-Edit job settings, send job to background, inspect and delete job. Saved searches are set to ______ by default. - Answer-privateTimestamp seen in events is based on______setting in user account profile - Answer-time zone List the three booleans - Answer-AND OR NOT ________boolean is used if none is implied. - Answer-AND Exact phrases use______ - Answer-quotes Use a _______ for searching a string with quotes in the string. - Answer-Backslash Example: info="user "chrisV4" not in database" info="user"chrisV4" not in database " Three default search fields automatically selected? - Answer-Source, Host, Sourcetype _______ sidebar shows all field extracted at search time. - Answer-Fields _______ Fields appear in event, default-host, sourcetype, source - Answer-Selected _______ fields have values in at least 20% of the events - Answer-Interesting Clicking on a field shows a list of _______, ________, and ________. - Answer-values, count, and percentage These fields can launch a quick report by clicking on them (4) - Answer-top values, top values by time, rare values, events with this field Use ______ to limit search to only one sourcetype - Answer-sourcetype= Field names _____ case sensitive- Values _______ case sensitive - Answer-are, are notThe field operators are used with numerical string values (symbols) - Answer-= != -- These symbols are only used with numerical values? - Answer- = = -- Using _____ and ____ (symbols) would return the same results. - Answer-NOT, != Use _______ to nest boolean searches - Answer-parenthesis