SPLUNK Core Certified User

1.

Which of the following Splunk components typically resides on the machines where data originates?

Indexer Forwarder Search head Deployment server

2.

Which of the following searches would return events with failure in index netfw or warn or critical in index netops?

(index=netfw failure) AND index=netops warn OR critical (index=netfw failure) OR (index=netops (warn OR critical)) (index=netfw failure) AND (index=netops (warn OR critical)) (index=netfw failure) OR index=netops OR (warn OR critical)

3.

Select the answer that displays the accurate placing of the pipe in the following search string: index=security sourcetype=access_* status=200 stats count by price

index=security sourcetype=access_* status=200 stats | count by price

index=security sourcetype=access_* status=200 | stats count by price

index=security sourcetype=access_* status=200 | stats count | by price

index=security sourcetype=access_* | status=200 | stats count by price

4.

Which of the following represents the Splunk recommended naming convention for dashboards?

Description_Group_Object Group_Description_Object Group_Object_Description Object_Group_Description

5.

How can search results be kept longer than 7 days?

By scheduling a report. By creating a link to the job. By changing the job settings. By changing the time range picker to more than 7 days.

6.

Which of the following is a Splunk search best practice?

Filter as early as possible. Never specify more than one index. Include as few search terms as possible. Use wildcards to return more search results.

7.

When displaying results of a search, which of the following is true about line charts?

Line charts are optimal for single and multiple series. Line charts are optimal for single series when using Fast mode. Line charts are optimal for multiple series with 3 or more columns. Line charts are optimal for multiseries searches with at least 2 or more columns.

8.

How are events displayed after a search is executed?

In chronological order. Randomly by default. In reverse chronological order. Alphabetically according to field name.

9.

Which of the following is true about user account settings and preferences?

Search & Reporting is the only app that can be set as the default application. Full names can only be changed by accounts with a Power User or Admin role. Time zones are automatically updated based on the setting of the computer accessing Splunk. Full name, time zone, and default app can be defined by clicking the login name in the Splunk bar.

10.

After running a search, what effect does clicking and dragging across the timeline have?

Executes a new search. Filters current search results. Moves to past or future events. Expands the time range of the search.

SPLUNK Core Certified User

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Congratulations

COMPANY

Products

OTHERS

Partner

SPLUNK Core Certified User

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Congratulations

Detail Form

COMPANY

Products

OTHERS

Partner