SPLK-1001 Online Practice Questions and Answers

Fields are searchable key value pairs in your event data.

A. True

B. False

Where does Licensing meter happen?

A. Indexer

B. Parsing

C. Heavy Forwarder

D. Input

How many main user roles do you have in Splunk?

A. 2

B. 4

C. 1

D. 3

Which of the following searches would return events with failure in index netfw or warn or critical in index netops?

A. (index=netfw failure) AND index=netops warn OR critical

B. (index=netfw failure) OR (index=netops (warn OR critical))

C. (index=netfw failure) AND (index=netops (warn OR critical))

D. (index=netfw failure) OR index=netops OR (warn OR critical)

Which of the statements are correct? (Choose three.)

A. Zoom to selection: Narrows the time range and re-executes the search.

B. Zoom to selection: Narrows the time range and doesn't re-executes the search.

C. Format Timeline: Hides or shows the timeline in different views.

D. Zoom-Out: Expands the time focus and doesn't re-executes the search.

E. Zoom-out: Expands the time focus and re-executes the search.

Which Boolean operator is implied between search terms, unless otherwise specified?

A. OR

B. AND

C. NOT

D. NAND

What is a suggested Splunk best practice for naming reports?

A. Reports are best named using many numbers so they can be more easily sorted.

B. Use a consistent naming convention so they are easily separated by characteristics such as group and object.

C. Name reports as uniquely as possible with no overlap to differentiate them from one another.

D. Any naming convention is fine as long as you keep an external spreadsheet to keep track.

Splunk indexes the data on the basis of timestamps.

A. True

B. False

Splunk index time process can be broken down into __________ phases.

A. 3

B. 2

C. 4

D. 1

All components are installed and administered in Splunk Enterprise on-premise.

A. True

B. False