Exam Details

  • Exam Code: SPLK-1001
  • Exam Name: Splunk Core Certified User
  • Certification: Splunk Certifications
  • Vendor: Splunk
  • Total Questions: 226 Q&As
  • Last Updated:

Splunk Splunk Certifications SPLK-1001 Questions & Answers

  • Question 1:

    Which Field/Value pair will return only events found in the index named security?

    A. Index=Security

    B. index=Security

    C. Index=security

    D. index!=Security

  • Question 2:

    How can results from a specified static lookup file be displayed?

    A. lookup command

    B. inputlookup command

    C. Settings > Lookups > Input

    D. Settings > Lookups > Upload

  • Question 3:

    In the Fields sidebar, what does the number directly to the right of the field name indicate?

    A. The value of the field

    B. The number of values for the field

    C. The number of unique values for the field

    D. The numeric non-unique values of the field

  • Question 4:

    What is the default lifetime of every Splunk search job?

    A. All search jobs are saved for 10 days

    B. All search jobs are saved for 10 hours

    C. All search jobs are saved for 10 weeks

    D. All search jobs are saved for 10 minutes

  • Question 5:

    Which search will return the 15 least common field values for the dest_ip field?

    A. sourcetype=firewall | rare num=15 dest_ip

    B. sourcetype=firewall | rare last=15 dest_ip

    C. sourcetype=firewall | rare count=15 dest_ip

    D. sourcetype=firewall | rare limit=15 dest_ip

  • Question 6:

    When is an alert triggered?

    A. When Splunk encounters a syntax error in a search

    B. When a trigger action meets the predefined conditions

    C. When an event in a search matches up with a data model

    D. When results of a search meet a specifically defined condition

  • Question 7:

    What are the three main Splunk components?

    A. Search head, GPU, streamer

    B. Search head, indexer, forwarder

    C. Search head, SQL database, forwarder

    D. Search head, SSD, heavy weight agent

  • Question 8:

    Which statement describes field discovery at search time?

    A. Splunk automatically discovers only numeric fields

    B. Splunk automatically discovers only alphanumeric fields

    C. Splunk automatically discovers only manually configured fields

    D. Splunk automatically discovers only fields directly related to the search results

  • Question 9:

    Which of the following is a metadata field assigned to every event in Splunk?

    A. host

    B. owner

    C. bytes

    D. action

  • Question 10:

    What are the two most efficient search filters?

    A. _time and host

    B. _time and index

    C. host and sourcetype

    D. index and sourcetype

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more and more important and are required by more and more enterprises when applying for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only Splunk exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your SPLK-1001 exam preparation and Splunk certification application, do not hesitate to visit Vcedump.com to find your solutions here.