SPLUNK CERTIFICATION EXAM
QUESTIONS AND ANSWERS
5 main components of Splunk ES - Correct Answers - Index Data, Search & Investigate, Add Knowledge, Monitor & Alert, Report & Analyze.
What does index data do? (3) - Correct Answers - 1. Collects data
2. Labels data with a source type
3. Stores it in a Splunk index
Three main roles in Splunk? (3) - Correct Answers - Admin, Power, User
An admin does what? - Correct Answers - Installs apps, creates knowledge objects for all users (determines which apps a user will see by default)
A power user does what? - Correct Answers - Creates and shares knowledge objects for users of an app, runs real-time searches
What are search commands used for? - Correct Answers - Creating charts, computing statistics, and formatting
Top command returns top ____ results with a count and percentage - Correct Answers - 10
What are the three ways to create visualizations? - Correct Answers - 1. Select a field from the fields sidebar
2. Use the pivot interface
3. Use Splunk search language commands in the search bar with the Statistics and Visualization tabs
A Splunk user does what? - Correct Answers - Only sees their own knowledge objects and those shared with them.
Apps in Splunk? - Correct Answers - 1. Pre-built dashboards, reports, alerts and workflows
2. In-depth data analysis for power users
3. Search & Reporting
What does the Search and Reporting app do in Splunk? - Correct Answers - Creates knowledge objects, reports, and dashboards
The seven main components in Splunk searching and reporting? - Correct Answers - 1. Splunk bar
2. App bar
3. Search bar
4. Time range picker
5. How to Search panel
6. What to Search panel
7. Search History
What does the time range picker do? - Correct Answers - Allows searching by preset times, relative times, real time (earliest, latest), and date range. Retrieves events over a specific time period.
Limiting search by ___________ is key to faster results and is a best practice - Correct Answers - time
The time range picker is set to _________ by default. - Correct Answers - All-time
Search jobs are available after ____ minutes by default. - Correct Answers - 10
________ commands create statistics and visualizations. - Correct Answers - Transforming
________ tab is the default tab for searches - Correct Answers - Event
What are the three main search modes? - Correct Answers - Fast, Verbose, and Smart
_______ mode: field discovery off for event searches. No event or field data for stats searches. - Correct Answers - Fast
______ mode: all events and field data; Splunk switches to this mode after a visualization is created - Correct Answers - Verbose
______ mode (default; behaviour is based on the search string). Field discovery ON for event searches. No event or field data for stats searches. - Correct Answers - Smart
The "Job" dropdown search action button does what? - Correct Answers - Edit job settings, send job to background, inspect and delete job.
Saved searches are set to ______ by default. - Correct Answers - private
Timestamp seen in events is based on the ______ setting in the user account profile - Correct Answers - time zone
List the three booleans - Correct Answers - AND OR NOT