Splunk Fundamentals 1 Exam 50 Questions with Answer 2023
Machine data is generated by - CORRECT ANSWER All types of systems in an organization
Structure of machine data - CORRECT ANSWER Unstructured
Machine data makes up ___% of data accumulated by organizations - CORRECT ANSWER 90
Main way data is supplied for indexing - CORRECT ANSWER Forwarders
Search requests are processed by the - CORRECT ANSWER Indexers
3 main components of Splunk - CORRECT ANSWER Collect and index data
Add knowledge
Search and investigate
Single instance deployment can handle - CORRECT ANSWER searching
indexing
input
parsing
three main processing components - CORRECT ANSWER forwarders
search heads
indexers
search strings are sent from - CORRECT ANSWER Search Heads
Which function is not a part of single instance deployment - CORRECT ANSWER Clustering
The password for a new instance is - CORRECT ANSWER created when you install Splunk
___ define what users can do in Splunk - CORRECT ANSWER roles
Which role will only see their own knowledge objects and those that have been shared with them - CORRECT ANSWER User
You can launch and manage apps from the home app - CORRECT ANSWER True
3 default roles - CORRECT ANSWER user
admin
power
most prod environments use ___ as the source of data input - CORRECT ANSWER forwarders
this lets Splunk know where to break the event, where the timestamp is located and how to auto-create field pairs - CORRECT ANSWER Source types
How would you continually monitor files in Splunk - CORRECT ANSWER Monitor
Files indexed using the upload input option get indexed - CORRECT ANSWER Once
Splunk uses ___ to categorize the type of data being indexed - CORRECT ANSWER Source Types
Toggles search mode by behavior - CORRECT ANSWER Smart mode
What order are events listed - CORRECT ANSWER Reverse chronological
* - CORRECT ANSWER wildcard
commands that create stats and visualizations are - CORRECT ANSWER transforming commands
when a search is sent to Splunk, it becomes a - CORRECT ANSWER search job
field VALUES are case sensitive - CORRECT ANSWER False
Field names are - CORRECT ANSWER case sensitive
Which is better inclusion or exclusion - CORRECT ANSWER inclusion
Most efficient way to filter events in Splunk - CORRECT ANSWER time
Having separate indexes allows these 3 things - CORRECT ANSWER - faster searches
- multiple retention policies
- ability to limit access
How to round down to the nearest unit of specified time - CORRECT ANSWER @
how to remove a field from returned events - CORRECT ANSWER fields -
command to remove duplicate field values - CORRECT ANSWER dedup
excluding fields will benefit performance - CORRECT ANSWER false
rename a field - CORRECT ANSWER rename as "NEW NAME"
how many results are shown by default with top or rare command - CORRECT ANSWER 10
What type of search values need to be returned to view the results as a chart - CORRECT ANSWER Statistical values
charts are based on - CORRECT ANSWER numbers, time or location
time range picker in dashboard will only work on panels that include a ___ search - CORRECT ANSWER inline
data models are made up of - CORRECT ANSWER datasets
the instant pivot button is displayed in the statistics and visualization tabs when a ___ search is run - CORRECT ANSWER non-transforming
Pivots can be saved as report panels - CORRECT ANSWER false
pivots can be saved as dashboard panels - CORRECT ANSWER true
adding child data model objects is like the ___ Boolean in the Splunk search language - CORRECT ANSWER AND
command to display data from lookup file - CORRECT ANSWER inputlookup http_status.csv
external data used by lookup can come from sources like - CORRECT ANSWER - csv files
- scripts
- geospatial
to keep from overwriting existing fields with your lookup you can use the ___ clause - CORRECT ANSWER outputnew
an alert is an action triggered by a - CORRECT ANSWER saved search
alerts can be shared to all apps - CORRECT ANSWER true
alerts can run uploaded scripts - CORRECT ANSWER true