Search requests are processed by the ___________. correct answers Indexers
This role will only see their own knowledge objects and those that have been shared with them.
A) User
B) Power
C) Admin correct answers A) User
Which apps ship with Splunk Enterprise?
*(Select all that apply.)*
A) Home App
B) Sideview Utils
C) Search & Reporting
D) DB Connect correct answers A) Home App
C) Search & Reporting
The default username and password for a newly installed Splunk instance is:
A) username and password
B) admin and changeme
C) admin and 12345
D) buttercup and rawks correct answers B) admin and changeme
Splunk knows where to break the event, where the time stamp is located and how to automatically create field value pairs using these.
A) Line breaks
B) Source types
C) File names correct answers B) Source types
Splunk uses ______________ to categorize the type of data being indexed. correct answers sourcetype
Which following search mode toggles behavior based on the type of search being run?
A) Smart
B) Fast
C) Verbose correct answers A) Smart
T/F:
When zooming in on the event time line, a new search is run. correct answers False
T/F:
These searches will return the same results...
failed password
failed AND password correct answers True
A search job will remain active for _____ minutes after it is run.
A) 5
B) 10
C) 30
D) 60
E) 90 correct answers B) 10
T/F:
Wildcards cannot be used with field searches. correct answers False
T/F:
Field values are case sensitive. correct answers False
Field names are ________.
*(Select all that apply.)*
A) Always capitalized.
B) Not important in Splunk.
C) Case sensitive.
D) Case insensitive. correct answers C) Case sensitive
Having separate indexes allows:
*(Select all that apply.)*
A) Faster Searches.
B) Ability to limit access.
C) Multiple retention policies. correct answers A) Faster Searches.
B) Ability to limit access.
C) Multiple retention policies.
Which command removes results with duplicate field values?
A) Dedup
B) Limit
C) Join
D) Distinct correct answers A) Dedup
What command would you use to *remove the status field* from the returned events?
sourcetype=a* status=404 | ___________ status
A) table
B) fields -
C) not
D) fields correct answers B) fields -
Which one of these is not a stats function?
A) Count
B) Avg
C) Addtotals
D) List
E) Sum correct answers C) Addtotals
Which clause would you use to rename the count field?
sourcetype=vendor* | stats count __________ "Units Sold"
A) rename
B) to
C) as
D) show correct answers C) as
How many results are shown by default when using a Top or Rare Command? correct answers 10
Which stats function would you use to find the average value of a field? correct answers average (or avg)
If a search returns this, you can view the results as a *chart*.
A) A list.
B) Statistical values
C) Time limits.
D) Numbers correct answers B) Statistical values
T/F:
A time range picker can be included in a report. correct answers True
These roles can create reports: