Is the SPLK-2001 practice exam free?

Yes. ExamCademy offers all 70 SPLK-2001 practice questions for free with a registered account. No payment needed. Optional supporter features add AI explanations and spaced repetition study tools.

How accurate are the SPLK-2001 practice questions?

All SPLK-2001 questions are community-created and reviewed by moderators to align with Splunk's published exam objectives. The community continuously reports and fixes issues to keep content accurate and up to date.

How should I study for the SPLK-2001 exam?

Start by browsing practice questions to identify weak areas. Use spaced repetition (Learn Mode) to focus study time on topics you struggle with. Combine practice questions with official Splunk documentation and hands-on experience for best results.

SPLK-2001 Practice Exam — Free 70+ Questions

70Practice Questions

3Study Modes

FreeTo Get Started

Sort:

Question 1

Question 2

Question 3

Question 4

Question 5

Question 6

Question 7

Question 8

Question 9

Question 10

Question 11

Question 12

Question 13

Question 14

Question 15

Question 16

Question 17

Question 18

Question 19

Question 20

Question 21

Question 22

Question 23

Question 24

Question 25

Page 1 of 3 • Questions 1-25 of 70

1 2 3

→

Know a question that should be here? Contribute to this exam

Suppose the following query in a Simple XML dashboard returns a table including hyperlinks:
<search>
<query>index news sourcetype web_proxy | table sourcetype title link
</query>
</search>
Which of the following is a valid dynamic drilldown element to allow a user of the dashboard to visit the hyperlinks contained in the link field?

A <option name ג€link.openSearch.viewTarget">$row.link$</option>
B <drilldown> <link target=ג€ blank">$$row.link$$</link> </drilldown>
C <drilldown> <link target="_blank">$row.link|n$</link> </drilldown>
D <drilldown> <link target ג€_blank">http://localhost:8000/debug/refresh</link> </drilldown>

Which of the following are benefits from using Simple XML Extensions? (Select all that apply.)

A Add custom layouts.
B Add custom graphics.
C Add custom behaviors.
D Limit Splunk license consumption based on host.

How can indexer acknowledgement be enabled for HTTP Event Collector (HEC)? (Select all that apply.)

A No need to do anything, it is turned on by default.
B When a REST request is sent to create a token, the property for indexer acknowledgement must be set to 1.
C When a new HEC token is created in Splunk Web, select the checkbox labeled ג€Enable indexer acknowledgementג€.
D When the Global Settings for HEC are updated in Splunk Web, select the checkbox labeled ג€Enable indexer acknowledgementג€.

Which of the following are characteristics of an add-on? (Select all that apply.)

A Requires navigation file.
B Occupies a unique namespace within Splunk.
C Can depend on add-ons for correct operation.
D Contains technology or components not intended for reuse by other apps.

What application security best practices should be adhered to while developing an app for Splunk? (Select all that apply.)

A Review the OWASP Top Ten List.
B Store passwords in clear text in .conf files.
C Review the OWASP Secure Coding Practices Quick Reference Guide.
D Ensure that third-party libraries that the app depends on have no outstanding CVE vulnerabilities.

There is a global search named global_search defined on a form as shown below:
<search id=global_search>
<query>
index-_internal source-*splunkd.log | stats count by component, log_level
</query>
</search>
Which of the following would be a valid post-processing search? (Select all that apply.)

A | tstats count
B sourcetype=mysourcetype
C stats sum(count) AS count by log level
D search log_level=error | stats sum(count) AS count by component

Which type of command is tstats?

A Generating
B Transforming
C Centralized streaming
D Distributable streaming

Which of the following is an example of a Splunk KV store use case? (Select all that apply.)

A Stores checkpoint data for modular inputs.
B Tracks workflow in an incident-review system.
C Indexes metrics data from remote HTTP sources.
D Stores application state as a user interacts with an app.

Given the following two files defining app navigation, which navigation options will be displayed to the end user? (Select all that apply.)
$SPLUNK_HOME/etc/apps/app_name/default/data/ui/nav/default.xml
<nav search_view=search color=#65A637>
<view name=search default=˜true' /> <view name=datasets /> <view name=reports /> <view name=dashboards /> </nav> $SPLUNK_HOME/etc/apps/app_name/local/data/ui/nav/default/xml <nav search_view=search color=#65A637> <view name=search default=˜true' />
<view name=datasets />
<view name=dashboards />
</nav>

A Search
B Reports
C Datasets
D Dashboards

Which of the following are true of auto-refresh for dashboard panels? (Select all that apply.)

A Applies to inline searches and saved searches.
B Enabling auto-refresh for a report requires editing XML.
C Post-processing searches are refreshed when their base searches are refreshed.
D Each post-processing search using the same base search can have a different refresh time.

Which Splunk REST endpoint is used to create a KV store collection?

A /storage/collections
B /storage/kvstore/create
C /storage/collections/config
D /storage/kvstore/collections

A KV store collection can be associated with a namespace for which of the following users?

A Nobody
B Users in the admin role.
C Users in the admin and power roles.
D Users in the admin, power, and splunk-system-user roles.

Which of the following are types of event handlers? (Select all that apply.)

A Search
B Set token
C Form input
D Visualization

Which of the following describes a Splunk custom visualization?

A A visualization with custom colors.
B Any visualization available in Splunk.
C A visualization in Splunk modified by the user.
D A visualization that uses the Splunk Custom Visualization API.

Which of the following are reserved field names in a KV Store? (Select all that apply.)

A _key
B _time
C _user
D _source

Which of these URLs could be used to construct a REST request to search the employee KV store collection to find records with a rating greater than or equal to
2 and less than 5?

A 'http://localhost:8089/servicesNS/nobody/search/storage/collections/data/employees?query={$and:[{rating:{$gte:2}}, {rating:{$lt:5}}]}&output_mode-json'
B 'http://localhost:8089/servicesNS/nobody/search/storage/collections/data/employees?query={$and:[{rating:$gte:2}}, {rating:{$lt:5}}]}&output_mode=json'
C 'http://localhost:8089/servicesNS/nobody/search/storage/collections/data/employees?query={%22rating%22:{%22$gte% 22:2}},{%22$and%22},{%22rating%22:{%22$lt%22:5}}}&output_mode=json'
D 'http://localhost:8089/servicesNS/nobody/search/storage/collections/data/employees?query={%22$and%22:[{%22rating%22: {%22$gte%22:2}},{%22rating%22:{%22$lt%22:5}}]}&output_mode=json'

Which of the following Simple XML elements configure panel link buttons? (Select all that apply.)

A <title>Open In Search</title>
B <option name=ג€link.visibleג€>true</option>
C <option name=ג€trellis.enabledג€>false</option>
D <option name=ג€refresh.link.visibleג€>false</option>

Which of the following are requirements for arguments sent to the data/indexes endpoint? (Select all that apply.)

A Be url-encoded.
B Specify the datatype.
C Include the bucket path.
D Include the name argument.

When using the Splunk REST API, which of the following containers is/are included in the Atom Feed response? (Select all that apply.)

A <feed>
B <entry>
C <content>
D <namespace>

A fellow Splunk administrator is reviewing an app that has been downloaded from splunkbase and deployed in an organization. The admin has e-mailed the following configuration snippet with a brief note that says fix the permissions.
In what configuration file should the snippet be placed?
[]
access = read : [ * ], write : [ admin ]
export - system
(Assume that $APP_HOME refers to the path that the app is installed, e.g. $SPLUNK_HOME/etc/apps/<app name>)

A $APP_HOME/default/app.conf
B $APP_HOME/local/default.meta
C $APP_HOME/metadata/local.meta
D $SPLUNK_HOME/etc/system/local/server.conf

Given a dashboard with a Simple XML extension in myApp, what is the XML reference for the file myJS.js located in myOtherApp in the location shown below?
$SPLUNK_HOME/etc/apps/myOtherApp/appserver/static/javascript/

A <dashboard script=ג€myJs.jsג€>
B <dashboard script=ג€myOtherApp/myJS.jsג€>
C <dashboard script=ג€myOtherApp:javascript/myJS.jsג€>
D <dashboard script=ג€myOtherApp:appserver/static/javascript/myJS.jsג€>

Which items below are configured in inputs.conf? (Select all that apply.)

A A modular input written in Python.
B A file input monitoring a JSON file.
C A custom search command written in Python.
D An HTTP Event Collector as receiver of data from an app.

Which of the following is an intended use of HTTP Event Collector tokens?

A A cookie.
B An HTTP header field.
C A JSON field in the HTTP request.
D A password in conjunction with login.

When the search/jobs REST endpoint is called to execute a search, what can be done to reduce the results size in the results? (Select all that apply.)

A Use a generating search.
B Remove unneeded fields.
C Truncate the data, using selective functions.
D Summarize data, using analytic commands.

Which of the following are valid parent elements for the event action shown below? (Select all that apply.)
<set token=Token Name>sourcetype=$click.value|s$</set>

A <eval>
B <change>
C <change> <condition>
D <drilldown> <condition>

SPLK-2001Preview

About the SPLK-2001 Exam

Question 1

Question 2

Question 3

Question 4

Question 5

Question 6

Question 7

Question 8

Question 9

Question 10

Question 11

Question 12

Question 13

Question 14

Question 15

Question 16

Question 17

Question 18

Question 19

Question 20

Question 21

Question 22

Question 23

Question 24

Question 25

SPLK-2001Preview

About the SPLK-2001 Exam

Mode Selection

Question 1

Question 2

Question 3

Question 4

Question 5

Question 6

Question 7

Question 8

Question 9

Question 10

Question 11

Question 12

Question 13

Question 14

Question 15

Question 16

Question 17

Question 18

Question 19

Question 20

Question 21

Question 22

Question 23

Question 24

Question 25