Splunk Core Certified User & Splunk Fundamentals 1/Splunk Core Power User Exam/Splunk User Certification/SPLUNK 2 Power User Exam/Splunk Core Certified Power User/Splunk Core Certified Power User*/Splunk Exam Questions - Complete/Splunk Core User Practice

Selected fields are displayed ________ each event in the results. a. below b. interesting fields c. other fields d. above - Answer- a. below Search terms are not case sensitive. (T/F) - Answer- True These two searches will NOT return the same results. SEARCH 1:login failure SEARCH 2: ...

5 Main components of Splunk ES - Answer- Index Data, Search & investigate, Add knowledge, Monitor & Alert, Report & Analyze. Three main roles in splunk? (3) - Answer- Admin, Power, User Installs apps, creates knowledge objects for all users (what apps a user will see by default) - Answer- Admi...

As events come in, Splunk places them into an index's ___________. - Answer- hot bucket What are the only writable buckets? - Answer- hot bucket's As buckets age, they roll from the hot to warm to cold. True of False? - Answer- True Each bucket has its own raw data, metadata, and index...

What is the only writeable bucket type? - Answer- The hot bucket By what filter are indexes divided into buckets? - Answer- By time What are the 4 types of searches in Splunk (by performance) - Answer- Dense, Sparse, Super Sparse, Rare In searches, what is the scanCount? - Answer- The numbe...

A calculated field maybe based on which of the following? A. Lookup tables B. Extracted fields C. Regular expressions D. Fields generated within a search string - Answer- B. Extracted fields Which are valid ways to create an event type? (select all that apply) A. By using the searchtypes com...

Which search string only returns events from hostWWW3? - Answer- host=WW3 By default, how long does Splunk retain a search job? - Answer- 10 minutes What must be done before an automatic lookup can be created? - Answer- The lookup definition must be created Which of the following Splunk com...

(T/F) It is not possible for a single instance of Splunk to manage the input, parsing and indexing of machine data. - Answer- True Which search string only returns events from hostWWW3? a. host=* b. host=WWW3 c. host=WWW* d. Host=WWW3 - Answer- B. host=WWW3 By default, how long does Splu...

Which of the following statements are true regarding multisite indexer clusters? A. Each site has its own set of peer nodes, but they all use the same search heads B. Each site also obeys site-specific replication and search factor rules C. The cluster administrator defines the "sites" D. B&...

Machine Data - Answer- _____________ Makes up about 90% of data accumulated by organizations. Structured and Unstructured. Improves Operational Intelligence Splunk - Answer- ___________ Aggregate, analyze, and get answer from your machine data. Splunk search head - Answer- Allows user to use t...

True or False: The search job inspector shows you how long a given search took to run. - Answer- True When searching, field values are case: - Answer- Insensitive Warm buckets in Splunk indexes are named by: Select your answer. A: a naming convention the administrator determines B: the se...

which parent directory contains the configuration files in Splunk? - Answer- $SPLUNK_HOME/etc where can scripts for scripted inputs reside on the host file system? - Answer- $SPLUNK_HOME/bin/scripts $SPLUNK_HOME/etc/system/bin In which Splunk configuration is the SEDCMD used - Answer- Use...

This administrator installs, configures, and manages Splunk Components. - Answer- System Administrator This administrator manages configuration files and monitors MC while responding to health alerts. - Answer- System Administrator This administrator deploys changes to environment and document...

Within , which stanzas are valid for data modification? (select all that apply) A. Host B. Server C. Source D. Sourcetype - Answer- ANSWER: ACD The universal forwarder has which capabilities when sending data? A. Sending alerts B. Compressing Data C. Obfuscating/hiding data D. Indexe...

The new result after selecting the range by dragging filters the events and displays the most recent first - Answer- Which of the statements is correct regarding click and drag option in timeline? Zoom to selection: Narrows the time range and re-executes the search. Format Timeline: Hides or sho...