
Free 2021 Splunk Core Certified User SPLK-1001 dumps are available on Google Drive shared by BraindumpsPrep
Welcome to download the newest BraindumpsPrep SPLK-1001 PDF dumps: https://www.briandumpsprep.com/SPLK-1001-prep-exam-braindumps.html ( 225 Q&As)
NEW QUESTION 12
Which of the following Splunk components typically resides on the machines where data originates?
- A. Forwarder
- B. Deployment server
- C. Indexer
- D. Search head
Answer: A
NEW QUESTION 13
______________ is the default web port used by Splunk.
- A. 0
- B. 1
- C. 2
- D. 3
Answer: A
NEW QUESTION 14
When running searches, command modifiers in the search string are displayed in what color?
- A. Blue
- B. Orange
- C. Red
- D. Highlighted
Answer: B
NEW QUESTION 15
Which of the following is a best practice when writing a search string?
- A. Include all formatting commands before any search terms.
- B. Include at least one function as this is a search requirement.
- C. Include the search terms at the beginning of the search string.
- D. Avoid using formatting clauses, as they add too much overhead.
Answer: D
NEW QUESTION 16
When an alert action is configured to run a script, Splunk must be able to locate the script. Which is one of the directories Splunk will look in to find the script?
- A. $SPLUNK_HOME/etc/scripts
- B. $SPLUNK_HOME/bin/scripts
- C. $SPLUNK_HOME/etc/scripts/bin
- D. $SPLUNK_HOME/bin/etc/scripts
Answer: B
NEW QUESTION 17
What is the correct order of steps for creating a new lookup?
1. Configure the lookup to run automatically
2. Create the lookup table
3. Define the lookup
- A. 2, 1, 3
- B. 3, 2, 1
- C. 2, 3, 1
- D. 1, 2, 3
Answer: C
NEW QUESTION 18
In a deployment with multiple indexes, what will happen when a search is run and an index is not specified in the search string?
- A. Events from every index searched by default to which the user has access will be returned
- B. Splunk will prompt you to specify an index.
- C. No events will be returned.
- D. All non-indexed events to which the user has access will be returned
Answer: A
NEW QUESTION 19
Which time range picker configuration would return real-time events for the past 30 seconds?
- A. Advanced - Earliest: 30-seconds ago, Latest: Now
- B. Relative - Earliest: 30-seconds ago, Latest: Now
- C. Preset - Relative: 30-seconds ago
- D. Real-time - Earliest: 30-seconds ago, Latest: Now
Answer: D
NEW QUESTION 20
When is the pipe character, |, used in search strings?
- A. Before clauses. For example: stats sum(bytes) | by host
- B. Before functions. For example: stats |sum(bytes) by host
- C. Before commands. For example: | stats sum(bytes) by host
- D. Before arguments. For example: stats sum| (bytes) by host
Answer: C
Explanation/Reference: https://docs.splunk.com/Documentation/Splunk/8.0.3/Search/Aboutsearchlanguagesyntax#Quotes_and_escaping_characters
NEW QUESTION 21
What type of search can be saved as a report?
- A. Any search can be saved as a report
- B. Only searches that generate visualizations
- C. Only searches that generate statistics or visualizations
- D. Only searches containing a transforming command
Answer: C
NEW QUESTION 22
Which of the following file types is an option for exporting Splunk search results?
- A. XLS
- B. JSON
- C. RTF
- D. PDF
Answer: D
Explanation/Reference: https://docs.splunk.com/Documentation/Splunk/7.2.6/Search/ExportdatausingSplunkWeb
NEW QUESTION 23
You can onboard data to Splunk using the following means (Choose four.):
- A. Props
- B. indexes.conf
- C. metadata.conf
- D. CLI
- E. Splunk Web
- F. Splunk apps and add-ons
- G. savedsearches.conf
- H. inputs.conf
Answer: D,E,F,H
NEW QUESTION 24
Which statement is true about the top command?
- A. It returns the top 10 results.
- B. All of the above.
- C. It displays the output in table format.
- D. It returns the count and percent columns per row.
Answer: D
Explanation/Reference: https://docs.splunk.com/Documentation/Splunk/7.3.0/SearchReference/Top
NEW QUESTION 25
Splunk Enterprise is used as a scalable service in Splunk Cloud.
- A. True
- B. False
Answer: A
NEW QUESTION 26
What is a quick, comprehensive way to learn what data is present in a Splunk deployment?
- A. Run ./splunk show
- B. Search index=* sourcetype=* host=*
- C. Review Splunk reports
- D. Click Data Summary in Splunk Web
Answer: D
NEW QUESTION 27
What must be done before an automatic lookup can be created? (Select all that apply.)
- A. The lookup file must be verified using the inputlookup command.
- B. The lookup command must be used.
- C. The lookup file must be uploaded to Splunk.
- D. The lookup definition must be created.
Answer: D
NEW QUESTION 28
Which statement is true about Splunk alerts?
- A. Alerts are based on searches and when triggered will only send an email notification.
- B. Alerts are based on searches and require cron to run on scheduled interval.
- C. Alerts are based on searches that are run exclusively as real-time.
- D. Alerts are based on searches that are either run on a scheduled interval or in real-time.
Answer: D
NEW QUESTION 29
The following are the time selection options available when running a search:
(Choose all that apply.)
- A. Advanced
- B. Date Range
- C. Relative
- D. Presets
- E. Date & Time Range
Answer: A
NEW QUESTION 30
Which of the following represents the Splunk recommended naming convention for dashboards?
- A. Group_Description_Object
- B. Object_Group_Description
- C. Group_Object_Description
- D. Description_Group_Object
Answer: C
NEW QUESTION 31
What is a quick, comprehensive way to learn what data is present in a Splunk deployment?
- A. Run ./splunk show
- B. Search index=* sourcetype=* host=*
- C. Review Splunk reports
- D. Click Data Summary in Splunk Web
Answer: D
Explanation/Reference: https://docs.splunk.com/Documentation/Splunk/8.0.3/InheritedDeployment/Yourdata
NEW QUESTION 32
Which command is used to validate a lookup file?
- A. inputlookup products.csv
- B. lookup_definition products.csv
- C. lookup products.csv
- D. inputlookup products.csv
Answer: A
Explanation/Reference: https://docs.splunk.com/Documentation/Splunk/7.3.1/SearchReference/Inputlookup
NEW QUESTION 33
Which of the following searches would return events with failure in index netfw or warn or critical in index netops?
- A. (index=netfw failure) OR (index=netops (warn OR critical))
- B. (index=netfw failure) AND index=netops warn OR critical
- C. (index=netfw failure) AND (index=netops (warn OR critical))
- D. (index=netfw failure) OR index=netops OR (warn OR critical)
Answer: A
NEW QUESTION 34
By default, which of the following is a Selected Field?
- A. clientip
- B. categoryId
- C. sourcetype
- D. action
Answer: C
Explanation/Reference: https://docs.splunk.com/Documentation/Splunk/7.3.1/SearchTutorial/Usefieldstosearch#Specify_additional_selected_fields
NEW QUESTION 35
What does the rare command do?
- A. Returns the most common field values of a given field in the results.
- B. Returns the least common field values of a given field in the results.
- C. Returns the lowest 10 field values of a given field in the results.
- D. Returns the top 10 field values of a given field in the results.
Answer: B
Explanation/Reference: https://docs.splunk.com/Documentation/Splunk/7.2.6/SearchReference/Rare
NEW QUESTION 36
......
