SPLK-1001 Practice Exam — 209 Free Splunk Questions

Join Us Among the Stars

Sign Up & unlock 100% of Exam Questions

Log in / Sign up

No Strings Attached!

209Practice Questions

3Study Modes

Free

TopicSort

Question 1

Basic Searching

After running a search, what effect does clicking and dragging across the timeline have?

A Executes a new search.
B Filters current search results.
C Moves to past or future events.
D Expands the time range of the search.

Question 2

Using Fields in Searches

Question 3

Splunk Basics

Question 4

Creating Reports and Dashboards

Question 5

Creating Reports and Dashboards

Question 6

Using Fields in Searches

Question 7

Search Language Fundamentals

Question 8

Creating Reports and Dashboards

Question 9

Basic Searching

Question 10

Basic Searching

Question 11

Creating Reports and Dashboards

Question 12

Basic Searching

Question 13

Basic Searching

Question 14

Creating Scheduled Reports and Alerts

Question 15

Search Language Fundamentals

Question 16

Basic Searching

Question 17

Basic Searching

Question 18

Creating Reports and Dashboards

Question 19

Search Language Fundamentals

Question 20

Creating and Using Lookups

Question 21

Creating Reports and Dashboards

Question 22

Using Fields in Searches

Question 23

Splunk Basics

Question 24

Search Language Fundamentals

Question 25

Using Basic Transforming Commands

Page 1 of 9 • Questions 1-25 of 209

1 2 3 4 5

→

Know a question that should be here? Contribute to this exam

How do you add or remove fields from search results?

A Use field +to add and field -to remove.
B Use table +to add and table -to remove.
C Use fields +to add and fields ג€"to remove.
D Use fields Plus to add and fields Minus to remove.

How can search results be kept longer than 7 days?

A By scheduling a report.
B By creating a link to the job.
C By changing the job settings.
D By changing the time range picker to more than 7 days.

When displaying results of a search, which of the following is true about line charts?

A Line charts are optimal for single and multiple series.
B Line charts are optimal for single series when using Fast mode.
C Line charts are optimal for multiple series with 3 or more columns.
D Line charts are optimal for multiseries searches with at least 2 or more columns.

What is one benefit of creating dashboard panels from reports?

A Any newly created dashboard will include that report.
B There are no benefits to creating dashboard panels from reports.
C It makes the dashboard more efficient because it only has to run one search string.
D Any change to the underlying report will affect every dashboard that utilizes that report.

Question 6

Using Fields in Searches

Question 7

Search Language Fundamentals

Question 8

Creating Reports and Dashboards

Question 9

Basic Searching

Question 10

Basic Searching

Question 11

Creating Reports and Dashboards

Question 12

Basic Searching

Question 13

Basic Searching

Question 14

Creating Scheduled Reports and Alerts

Question 15

Search Language Fundamentals

Question 16

Basic Searching

Question 17

Basic Searching

Question 18

Creating Reports and Dashboards

Question 19

Search Language Fundamentals

Question 20

Creating and Using Lookups

Question 21

Creating Reports and Dashboards

Question 22

Using Fields in Searches

Question 23

Splunk Basics

Question 24

Search Language Fundamentals

Question 25

Using Basic Transforming Commands

By default, which of the following fields would be listed in the fields sidebar under interesting Fields?

A host
B index
C source
D sourcetype

What does the values function of the stats command do?

A Lists all values of a given field.
B Lists unique values of a given field.
C Returns a count of unique values for a given field.
D Returns the number of events that match the search.

What is the main requirement for creating visualizations using the Splunk UI?

A Your search must transform event data into Excel file format first.
B Your search must transform event data into XML formatted data first.
C Your search must transform event data into statistical data tables first.
D Your search must transform event data into JSON formatted data first.

Which of the following searches will return results where fail, 400, and error exist in every event?

A error AND (fail AND 400)
B error OR (fail and 400)
C error AND (fail OR 400)
D error OR fail OR 400

Which of the following is the most efficient filter for running searches in Splunk?

A Time
B Fast mode
C Sourcetype
D Selected Fields

Which of the following file types is an option for exporting Splunk search results?

A PDF
B JSON
C XLS
D RTF

Which search would return events from the access_combined sourcetype?

A Sourcetype=access_combined
B Sourcetype=Access_Combined
C sourcetype=Access_Combined
D SOURCETYPE=access_combined

Which of the following index searches would provide the most efficient search performance?

A index=*
B index=web OR index=s*
C (index=web OR index=sales)
D index=sales AND index=web

In the Splunk interface, the list of alerts can be filtered based on which characteristics?

A App, Owner, Severity, and Type
B App, Owner, Priority, and Status
C App, Dashboard, Severity, and Type
D App, Time Window, Type, and Severity

What does the following specified time range do?
earliest=-72h@h latest=@d

A Look back 3 days ago and prior.
B Look back 72 hours, up to one day ago.
C Look back 72 hours, up to the end of today.
D Look back from 3 days ago, up to the beginning of today.

You can use the following options to specify start and end time for the query range:

A earliest=
B latest=
C beginning=
D ending=
E All the above
F Only 3rd and 4th

Which search will return only events containing the word error and display the results as a table that includes the fields named action, src, and dest?

A error | table action, src, dest
B error | tabular action, src, dest
C error | stats table action, src, dest
D error | table column=action column=src column=dest

Assuming a user has the capability to edit reports, which of the following are editable?

A Acceleration, schedule, permissions
B The report's name, schedule, permissions
C The report's name, acceleration, schedule
D The report's name, acceleration, permissions

When placed early in a search, which command is most effective at reducing search execution time?

A dedup
B rename
C sort -
D fields +

Which of the following describes lookup files?

A Lookup fields cannot be used in searches.
B Lookups contain static data available in the index.
C Lookups add more fields to results returned by a search.
D Lookups pull data at index time and add them to search results.

Which of the following reports is available in the Fields window?

A Top values by time
B Rare values by time
C Events with top value fields
D Events with rare value fields

Which search will return the 15 least common field values for the dest_ip field?

A sourcetype=firewall | rare num=15 dest_ip
B sourcetype=firewall | rare last=15 dest_ip
C sourcetype=firewall | rare count=15 dest_ip
D sourcetype=firewall | rare limit=15 dest_ip

Zoom Out and Zoom to Selection re-executes the search.

A No
B Yes

Search Language Syntax in Splunk can be broken down into the following components. (Choose all that apply.)

A Search term
B Command
C Pipe
D Functions
E Arguments
F Clause

Which of the following are common constraints of the top command?

A limit, count
B limit, showpercent
C limits, countfield
D showperc, countfield

Join Us Among the Stars

SPLK-1001Preview

About the SPLK-1001 Exam

Mode Selection

Question 1

Question 2

Question 3

Question 4

Question 5

Question 6

Question 7

Question 8

Question 9

Question 10

Question 11

Question 12

Question 13

Question 14

Question 15

Question 16

Question 17

Question 18

Question 19

Question 20

Question 21

Question 22

Question 23

Question 24

Question 25

Question 6

Question 7

Question 8

Question 9

Question 10

Question 11

Question 12

Question 13

Question 14

Question 15

Question 16

Question 17

Question 18

Question 19

Question 20

Question 21

Question 22

Question 23

Question 24

Question 25