Questions and Answers
When using a .csv file for Lookups, the first row in the file represents this.
Nothing, it is ignored
Output fields
Input fields
Field names - Answer- Field names
Shared search jobs remain active for _______ by default.
24 hours
1 year
10 minutes
1 day
7 days - Answer- 7 Days
A search job will remain active for ___ minutes after it is run.
10
90
5
30
20 - Answer- 10 Minutes
Which of the following search modes toggles its behavior based on the type of search being run?
Fast
Smart
Verbose - Answer- Smart
To keep from overwriting existing fields with your Lookup you can use the ____________ clause. - Answer- OUTPUTNEW
A lookup is categorized as a dataset - Answer- True
Alerts can run uploaded scripts. - Answer- True
Real-time alerts will run the search continuously in the background. - Answer- True
An alert is an action triggered by a _____________.
Selected field
Tag
Saved search
Report - Answer- Saved search
Once an alert is created, you can no longer edit its defining search - Answer- False
Alerts can send an email. - Answer- True
Machine data is only generated by web servers. - Answer- False
Machine data makes up for more than ___% of the data accumulated by organizations. - Answer- 90
Machine data is always structured. - Answer- False
Search strings are sent from the _________. - Answer- Search Head
In most Splunk deployments, ________ serve as the primary way data is supplied for indexing. - Answer- Forwarders
Which of these is not a main component of Splunk?
Search and investigate
Compress and archive
Add knowledge
Collect and index data - Answer- Compress and Archive
Which function is not a part of a single instance deployment?
Clustering
Parsing
Indexing
Searching - Answer- Clustering
A single-instance deployment of Splunk Enterprise handles:
Select all that apply.
Indexing