Splunk SPLK-1001 Online Practice Questions and Exam Preparation

Splunk SPLK-1001 Online Questions & Answers

• Question 111:

  Clicking a SEGMENT on a chart, ________.

  A. drills down for that value
  B. highlights the field value across the chart
  C. adds the highlighted value to the search criteria
  C. adds the highlighted value to the search criteria

• Question 112:

  You can view the search result in following format (Choose three.):

  A. Table
  B. Raw
  C. Pie Chart
  D. List
  A. Table
  B. Raw
  D. List

• Question 113:

  What result will you get with following search index=test sourcetype="The_Questionnaire_P*" ?

  A. the_questionnaire _pedia
  B. the_questionnaire pedia
  C. the_questionnaire_pedia
  D. the_questionnaire Pedia
  C. the_questionnaire_pedia

• Question 114:

  Which all time unit abbreviations can you include in Advanced time range picker? (Choose seven.)

  A. h
  B. day
  C. mon
  D. yr
  E. y
  F. w
  G. week
  H. d
  I. s
  J. m
  A. h
  C. mon
  E. y
  F. w
  H. d
  I. s
  J. m

  ---

  Explanation/Reference:

  A,C,E,F,H,I,J

• Question 115:

  Field values are case sensitive.

  A. True
  B. False
  B. False

• Question 116:

  These users can create global knowledge objects. (Select all that apply.)

  A. users
  B. power users
  C. administrators
  B. power users
  C. administrators

• Question 117:

  Which of the following is a Splunk internal field?

  A. _raw
  B. host
  C. _host
  D. index
  A. _raw

• Question 118:

  This function of the stats command allows you to return the middle-most value of field X.

  A. Median(X)
  B. Eval by X
  C. Fields(X)
  D. Values(X)
  A. Median(X)

• Question 119:

  Which component of Splunk let us write SPL query to find the required data?

  A. Forwarders
  B. Indexer
  C. Heavy Forwarders
  D. Search head
  D. Search head

• Question 120:

  Which of the following searches would return only events that match the following criteria?

  1.

  Events are inside the main index

  2.

  The field status exists in the event

  3.

  The value in the status field does not equal 200

  A. index==main status!==200
  B. index=main NOT status=200
  C. index==main NOT status==200
  D. index-main status!=200
  C. index==main NOT status==200

  ---

  Explanation/Reference:

  The Kusto Query Language (KQL) is the language you use to query data in Azure Data Explorer [1]. It's a powerful language that allows you to perform advanced queries and extract meaningful insights from your data. To query for events that match the criteria you specified, you would use the following KQL query: index==main NOT status==200 This query will return all events that are inside the main index and have a status field, but the value of the status field does not equal 200. It is important to note that the "NOT" operator must be used in order to exclude events with a status value of 200. By using the "NOT" operator, the query will return only events that do not match the specified criteria. This is useful for narrowing down search results to only those events that are relevant to the query.