(T/F) It is not possible for a single instance of Splunk to manage the input, parsing and indexing of machine data.
True
Which search string only returns events from host WWW3?
a. host=*
b. host=WWW3
c. host=WWW*
d. Host=WWW3
b. host=WWW3
By default, how long does Splunk retain a search job?
a. 15 minutes
b. 1 day
c. 7 days
d. 10 minutes
d. 10 minutes
What must be done before an automatic lookup can be created? (select all that apply)
a. The lookup file must be uploaded to Splunk.
b. The lookup definition must be created.
c. The lookup command must be used.
d. The lookup file must be verified using the inputlookup command.
a. The lookup file must be uploaded to Splunk.
b. The lookup definition must be created.
Which of the following Splunk components typically resides on the machines where data originates?
a. Search head
b. Forwarder
c. Indexer
d. Deployment server
b. Forwarder
What determines the scope of data that appears in a scheduled report?
a. All data accessible to all users will appear in the report until the next time the report is run.
b. All data accessible to the User role will appear in the report.
c. All data accessible to the owner of the report will appear in the report.
d. The owner of the report can configure permissions so that the report uses either the User role or the owner's profile at run time.
d. The owner of the report can configure permissions so that the report uses either the User role or the owner's profile at run time.
When writing searches in Splunk, which of the following is true about Booleans?
a. They must be uppercase.
b. They must be in quotations.
c. They must be in parentheses.
d. They must be lowercase.
a. They must be uppercase.
Select the answer that displays the accurate placing of the pipe in the following search string: index=security sourcetype=access_* status=200 stats count by price.
a. Index=security sourcetype=access_* | status=200 | stats count by price
b. Index=security sourcetype=access_* status=200 | stats count by price
c. Index=security sourcetype=access_* status=200 | stats count | by price
d. Index=security sourcetype=access_* status=200 stats | count by price
b. Index=security sourcetype=access_* status=200 | stats count by price