Three main roles in Splunk? (3) correct answers Admin, Power, User
Installs apps, creates knowledge objects for all users (what apps a user will see by default) correct answers Admin
Power User abilities: correct answers Creates and shares knowledge objects for users of app, real-time searches
Only sees own knowledge objects and those shared to them correct answers User
What does the Search and Reporting app do in Splunk? correct answers Creates knowledge objects, reports, and dashboards
The seven main components in Splunk searching and reporting? correct answers 1. Splunk bar
2. App bar
3. Search bar
4. Time range picker
5. How to search panel
6. What to search panel
7. Search History
What does the time range picker do? correct answers Allow search by preset times, relative times, real time (earliest, latest), date range. Retrieve events over a specific time period.
Limiting search by ___________ is key to faster results and is a best practice correct answers time
The time range picker is set to _________ by default. correct answers All-time
Search jobs are available for ____ minutes by default. correct answers 10
________ commands create statistics and visualizations. correct answers Transforming
________ tab is default tab for searches correct answers Event
The three main search modes? correct answers Fast, Verbose, and Smart
_______ mode has discovery off for event searches. No event or field data for stats searches. correct answers Fast
______ search mode has all events and field data; switches to this mode after visualization correct answers Verbose
______ mode (default, based on search string data) has field discovery ON for event searches. No event or field data for stats searches. correct answers Smart
What does the "Job V" action button do correct answers Edits job settings, sends jobs to the background, inspects and deletes job.
Saved searches are set to ______ by default. correct answers private
Timestamp seen in events is based on ______ setting in user account profile correct answers time zone
List the three booleans correct answers AND OR NOT
________boolean is used if none is implied correct answers AND
Exact phrases use______ correct answers quotes
Use a _______ for searching a string with quotes in the string correct answers Backslash
Example: info="user "chrisV4" not in database" info="user\"chrisV4\" not in database "
The three default search fields automatically selected are correct answers Source, Host, Sourcetype
_______ fields that appear by default are host, sourcetype, source correct answers Selected
_______ fields have values in at least 20% of the events correct answers Interesting
Clicking on a field shows a list of _______, ________, and ________. correct answers values, count, and percentage
These fields can launch a quick report by clicking on them (4) correct answers top values, top values by time, rare values, events with this field
Use ______ to limit search to only one sourcetype correct answers sourcetype=
(T/F) Using NOT and != would return the same results. correct answers True
Use _______ to nest boolean searches correct answers parenthesis
______ is better than exclusion correct answers inclusion
When creating reports you can edit, clone, embed, and delete under the ______ tab correct answers report
Top command returns top ____ results with a count and percentage correct answers 10
What are the three ways to create visualizations? correct answers 1. Select a field from the fields sidebar
2. Use the pivot interface
3. Use the Splunk search language commands in the search bar with statistics and visualization tabs
Save visual reports as _______ or _______ correct answers report or dashboard panel
________ is an action that a saved search triggers based on the results of the search correct answers Alert
________ designs reports into a simple interface without having to craft a search string correct answers Pivot
The default time value for pivot is ______ correct answers all the time
The data model is the framework and the ______ is the interface to the data correct answers pivot
_______ object is the main source of data correct answers Root
_______ object acts like an AND boolean correct answers Child
(T/F) An instant pivot allows instant access to data without having a data model correct answers True
alerts use a _______ search to check for events. correct answers saved
Adjust the ______ type to configure how often the search runs correct answers alert
Use ________ alerts to check for events on a regular basis correct answers Scheduled
_______ alerts monitor for events continuously correct answers Real-time
An _______ action can notify you of a triggered alert and help you start responding to it correct answers alert
______ is the most efficient filter correct answers Time
Search terms are case sensitive or case insensitive. (components of search language) correct answers Case insensitive
______ tell Splunk what we want to do with results (ex. stats) (components of search language) correct answers Commands
______ are variables to apply to function (ex. Product name) (components of search language) correct answers Arguments
_____ is used to pass current results to the next search component correct answers A pipe
(T/F) Search command works from left to right correct answers True
(T/F) Once an item is filtered out it is no longer available in the search string correct answers True
_____ command includes or excludes fields from search results. correct answers Fields
Exclude a field by using ______ symbol correct answers minus (-)
(T/F) Primary fields _time and _raw will always be extracted, but can also be removed by using the minus symbol correct answers True
Field _____ happens after field ______, only affecting displayed results. correct answers exclusion, extraction
________ command retains searched data in a tabulated format correct answers table
(T/F) In regards to a rename command, once a field is renamed the original name is available to later search commands correct answers F
This command removes events with duplicate values correct answers dedup
This command displays results in ascending or descending order. correct answers sort
This command combines fields from external sources to searched events, based on event field correct answers Lookup
This command produces statistics of a search result correct answers stats command
This command shows the number of events matching search criteria correct answers stats count
This command is the sum of numerical value correct answers stats sum command
This command performs stats aggregation against time correct answers timechart command
___ split data by an additional field correct answers by
Produces additional fields such as duration and event count correct answers Transaction command
How to replace null values in fields? correct answers fillnull value=string command, i.e. fillnull value=NULL