Splunk fundamentals 1 final quiz 56 Questions with Answers 2023
Machine data is always structured.CORRECT ANSWER false
Machine data makes up for
... [Show More] more than ___% of the data accumulated by organizations.CORRECT ANSWER 90
Machine data is only generated by web servers.CORRECT ANSWER false
Which of these is not a main component of Splunk?CORRECT ANSWER compress and archive
Search requests are processed by the ____________.CORRECT ANSWER Indexer
which function is not part of the single instance deploymentCORRECT ANSWER clustering
what are the three main processing components of splunk?CORRECT ANSWER 1. indexers
2. forwarders
3. search heads
In most Splunk deployments, ________ serve as the primary way data is supplied for indexing.CORRECT ANSWER forwarders
The password for a newly installed Splunk instance is:CORRECT ANSWER Created when you install Splunk Enterprise.
You can launch and manage apps from the home app.CORRECT ANSWER true
Which apps ship with Splunk Enterprise?CORRECT ANSWER Search & Reporting, Home App
What are the three main default roles in Splunk Enterprise?CORRECT ANSWER 1. admin
2. power
3.user
define what users can do in Splunk.CORRECT ANSWER Roles
Files indexed using the the upload input option get indexed _____.CORRECT ANSWER Once
The monitor input option will allow you to continuously monitor files.CORRECT ANSWER true
Splunk knows where to break the event, where the time stamp is located and how to automatically create field value pairs using these.CORRECT ANSWER source types
In most production environments, _______ will be used as the source of data input.CORRECT ANSWER forwarder
Splunk uses ____________ to categorize the type of data being indexed.CORRECT ANSWER source type
Shared search jobs remain active for _______ by default.CORRECT ANSWER 7 days
What is the order of evaluation for Boolean operations in Splunk?CORRECT ANSWER NOT, OR, AND
The time stamp you see in the events is based on the time zone in your user account.CORRECT ANSWER True
These are booleans in the Splunk Search Language.CORRECT ANSWER NOT, AND, OR
Field values are case sensitive.CORRECT ANSWER false
Which is not a comparison operator in Splunk?CORRECT ANSWER ?=
Wildcards cannot be used with field searches.CORRECT ANSWER false
Field names are _________.CORRECT ANSWER case sensitive
What is the most efficient way to filter events in Splunk?CORRECT ANSWER by time
Having separate indexes allows:CORRECT ANSWER Multiple retention policies
Ability to limit access
Faster Searches
This symbol is used in the "Advanced" section of the time range picker to round down to nearest unit of specified time.CORRECT ANSWER @
As a general practice, exclusion is better than inclusion in a Splunk search.CORRECT ANSWER false
Time to search can only be set by the time range picker.CORRECT ANSWER false
Excluding fields using the Fields Command will benefit performance.CORRECT ANSWER false
Which command removes results with duplicate field values?CORRECT ANSWER Dedup
Which stats function would you use to find the average value of a field?CORRECT ANSWER avg
To display the most common values in a specific field, what command would you use?CORRECT ANSWER top
How many results are shown by default when using a Top or Rare Command?CORRECT ANSWER 10
Which one of these is not a stats function?CORRECT ANSWER addtotals
A time range picker can be included in a report.CORRECT ANSWER true
In a dashboard, a time range picker will only work on panels that include a(n) __________ search.CORRECT ANSWER inline
_____________ are reports gathered together into a single pane of glass.CORRECT ANSWER dashboards
Charts can be based on numbers, time or location.CORRECT ANSWER true
If a search returns this, you can view the results as a chart.CORRECT ANSWER Statistical values
Pivots cannot be saved as reports panels.CORRECT ANSWER false
Adding child data model objects is like the ______ Boolean in the Splunk search language.CORRECT ANSWER AND
Data models are made up of ___________.CORRECT ANSWER datasets
Pivots can be saved as dashboards panels.CORRECT ANSWER true
Which roles can create data models?CORRECT ANSWER Admin and Power
When using a .csv file for Lookups, the first row in the file represents this.CORRECT ANSWER field names
A lookup is categorized as a dataset.CORRECT ANSWER true
To keep from overwriting existing fields with your Lookup you can use the ____________ clause.CORRECT ANSWER outputnew
External data used by a Lookup can come from sources like:CORRECT ANSWER 1.geospatial data
2.scripts
3.CSV files
Once an alert is created, you can no longer edit its defining search.CORRECT ANSWER false
alerts can run updated scriptsCORRECT ANSWER true
Real-time alerts will run the search continuously in the background.CORRECT ANSWER true
An alert is an action triggered by a _____________.CORRECT ANSWER saved search
Alerts can send an email.CORRECT ANSWER true [Show Less]