SPLK-1001

By splunk
Aug, 2025

Question 1

Which search string only returns events from host WWW3?

  • A: host=*
  • B: host=WWW3
  • C: host=WWW*
  • D: Host=WWW3

Question 2

When editing a dashboard, which of the following are possible options? (Choose all that apply.)

  • A: Add an output.
  • B: Export a dashboard panel.
  • C: Modify the chart type displayed in a dashboard panel.
  • D: Drag a dashboard panel to a different location on the dashboard.

Question 3

Portal for Splunk apps can be accessed through www.splunkbase.com

  • A: False
  • B: True

Question 4

Splunk shows data in __________________.

  • A: ASCII Character order.
  • B: Reverse chronological order.
  • C: Alphanumeric order.
  • D: Chronological order.

Question 5

Which of the following can be used as a wildcard in a Splunk search?

  • A: =
  • B: >
  • C: !
  • D: *

Question 6

What result will you get with the following search: index=test sourcetype="The_Questionnaire_P*"?

  • A: the_questionnaire _pedia
  • B: the_questionnaire pedia
  • C: the_questionnaire_pedia
  • D: the_questionnaire Pedia

Question 7

Prefix wildcards might cause performance issues.

  • A: False
  • B: True

Question 8

Machine data can be in structured and unstructured format.

  • A: False
  • B: True

Question 9

Field names are case sensitive.

  • A: True
  • B: False

Question 10

Splunk internal fields contain general information about events and start with an underscore, i.e. _.

  • A: True
  • B: False

Question 11

How many main user roles do you have in Splunk?

  • A: 2
  • B: 4
  • C: 1
  • D: 3

Question 12

Which of the following are Splunk premium enhanced solutions? (Choose three.)

  • A: Splunk User Behavior Analytics (UBA)
  • B: Splunk IT Service Intelligence (ITSI)
  • C: Splunk Enterprise Security (ES)
  • D: Splunk Analytics Security (AS)

Question 13

When running searches, command modifiers in the search string are displayed in what color?

  • A: Red
  • B: Blue
  • C: Orange
  • D: Highlighted

Question 14

Fields are searchable name and value pairings that differentiate one event from another.

  • A: False
  • B: True

Question 15

Splunk extracts fields from event data at index time and at search time.

  • A: True
  • B: False

Question 16

Field values are case sensitive.

  • A: True
  • B: False

Question 17

Splunk indexes the data on the basis of timestamps.

  • A: True
  • B: False

Question 18

______________ is the default web port used by Splunk.

  • A: 8089
  • B: 8000
  • C: 8080
  • D: 443

Question 19

Which of the following statements are correct about Search & Reporting App? (Choose three.)

  • A: Can be accessed by Apps > Search & Reporting.
  • B: Provides default interface for searching and analyzing logs.
  • C: Enables the user to create knowledge objects, reports, alerts and dashboards.
  • D: It only gives us search functionality.

Question 20

Parsing of data can happen both in HF and Indexer.

  • A: Only HF
  • B: No
  • C: Yes

Question 21

The Monitor option in Add Data provides _______________.

  • A: Only continuous monitoring.
  • B: Only One-time monitoring.
  • C: None of the above.
  • D: Both One-time and continuous monitoring.

Question 22

License Meter runs before data compression.

  • A: No
  • B: Yes

Question 23

The Forward option gathers and forwards data to indexers over a receiving port from remote machines.

  • A: False
  • B: True

Question 24

Which of the following represents the Splunk recommended naming convention for dashboards?

  • A: Description_Group_Object
  • B: Group_Description_Object
  • C: Group_Object_Description
  • D: Object_Group_Description

Question 25

You can on-board data to Splunk using the following means (Choose four.):

  • A: Props
  • B: CLI
  • C: Splunk Web
  • D: savedsearches.conf
  • E: Splunk apps and add-ons
  • F: indexes.conf
  • G: inputs.conf
  • H: metadata.conf