Suppose the following query in a Simple XML dashboard returns a table including hyperlinks:
<search>
<query>index news sourcetype web_proxy | table sourcetype title link
</query>
</search>
Which of the following is a valid dynamic drilldown element to allow a user of the dashboard to visit the hyperlinks contained in the link field?
A <option name ג€link.openSearch.viewTarget">$row.link$</option>
Which of the following are benefits from using Simple XML Extensions? (Select all that apply.)
AAdd custom layouts.
BAdd custom graphics.
CAdd custom behaviors.
DLimit Splunk license consumption based on host.
How can indexer acknowledgement be enabled for HTTP Event Collector (HEC)? (Select all that apply.)
ANo need to do anything, it is turned on by default.
BWhen a REST request is sent to create a token, the property for indexer acknowledgement must be set to 1.
CWhen a new HEC token is created in Splunk Web, select the checkbox labeled ג€Enable indexer acknowledgementג€.
DWhen the Global Settings for HEC are updated in Splunk Web, select the checkbox labeled ג€Enable indexer acknowledgementג€.
Which of the following are characteristics of an add-on? (Select all that apply.)
ARequires navigation file.
BOccupies a unique namespace within Splunk.
CCan depend on add-ons for correct operation.
DContains technology or components not intended for reuse by other apps.
What application security best practices should be adhered to while developing an app for Splunk? (Select all that apply.)
AReview the OWASP Top Ten List.
BStore passwords in clear text in .conf files.
CReview the OWASP Secure Coding Practices Quick Reference Guide.
DEnsure that third-party libraries that the app depends on have no outstanding CVE vulnerabilities.
Question 6
SPL and Efficient Searching
0
Question 7
SPL and Efficient Searching
Question 8
SPL and Efficient Searching
Question 9
SPL and Efficient Searching
Question 10
Defenses, Data Sources, and SIEM Best Practices
Question 11
SPL and Efficient Searching
Question 12
SPL and Efficient Searching
Question 13
Investigation, Event Handling, Correlation, and Risk
Question 14
SPL and Efficient Searching
Question 15
SPL and Efficient Searching
Question 16
SPL and Efficient Searching
Question 17
SPL and Efficient Searching
Question 18
SPL and Efficient Searching
Question 19
SPL and Efficient Searching
Question 20
Defenses, Data Sources, and SIEM Best Practices
Question 21
SPL and Efficient Searching
Question 22
Defenses, Data Sources, and SIEM Best Practices
Question 23
Defenses, Data Sources, and SIEM Best Practices
Question 24
SPL and Efficient Searching
Question 25
SPL and Efficient Searching
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ad
Want a break from the ads?
Become a Supporter and enjoy a completely ad-free experience, plus unlock Learn Mode, Exam Mode, AstroTutor AI, and more.
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
There is a global search named global_search defined on a form as shown below:
<search id=global_search>
<query>
index-_internal source-*splunkd.log | stats count by component, log_level
</query>
</search>
Which of the following would be a valid post-processing search? (Select all that apply.)
A| tstats count
Bsourcetype=mysourcetype
Cstats sum(count) AS count by log level
Dsearch log_level=error | stats sum(count) AS count by component
Which type of command is tstats?
AGenerating
BTransforming
CCentralized streaming
DDistributable streaming
Which of the following is an example of a Splunk KV store use case? (Select all that apply.)
AStores checkpoint data for modular inputs.
BTracks workflow in an incident-review system.
CIndexes metrics data from remote HTTP sources.
DStores application state as a user interacts with an app.
Given the following two files defining app navigation, which navigation options will be displayed to the end user? (Select all that apply.)
$SPLUNK_HOME/etc/apps/app_name/default/data/ui/nav/default.xml
<nav search_view=search color=#65A637>
<view name=search default=˜true' /> <view name=datasets /> <view name=reports /> <view name=dashboards /> </nav> $SPLUNK_HOME/etc/apps/app_name/local/data/ui/nav/default/xml <nav search_view=search color=#65A637> <view name=search default=˜true' />
<view name=datasets />
<view name=dashboards />
</nav>
ASearch
BReports
CDatasets
DDashboards
Which of the following are true of auto-refresh for dashboard panels? (Select all that apply.)
AApplies to inline searches and saved searches.
BEnabling auto-refresh for a report requires editing XML.
CPost-processing searches are refreshed when their base searches are refreshed.
DEach post-processing search using the same base search can have a different refresh time.
Which Splunk REST endpoint is used to create a KV store collection?
A/storage/collections
B/storage/kvstore/create
C/storage/collections/config
D/storage/kvstore/collections
A KV store collection can be associated with a namespace for which of the following users?
ANobody
BUsers in the admin role.
CUsers in the admin and power roles.
DUsers in the admin, power, and splunk-system-user roles.
Which of the following are types of event handlers? (Select all that apply.)
ASearch
BSet token
CForm input
DVisualization
Which of the following describes a Splunk custom visualization?
AA visualization with custom colors.
BAny visualization available in Splunk.
CA visualization in Splunk modified by the user.
DA visualization that uses the Splunk Custom Visualization API.
Which of the following are reserved field names in a KV Store? (Select all that apply.)
A_key
B_time
C_user
D_source
Which of these URLs could be used to construct a REST request to search the employee KV store collection to find records with a rating greater than or equal to
2 and less than 5?
Which of the following Simple XML elements configure panel link buttons? (Select all that apply.)
A <title>Open In Search</title>
B <option name=ג€link.visibleג€>true</option>
C <option name=ג€trellis.enabledג€>false</option>
D <option name=ג€refresh.link.visibleג€>false</option>
Which of the following are requirements for arguments sent to the data/indexes endpoint? (Select all that apply.)
ABe url-encoded.
BSpecify the datatype.
CInclude the bucket path.
DInclude the name argument.
When using the Splunk REST API, which of the following containers is/are included in the Atom Feed response? (Select all that apply.)
A <feed>
B <entry>
C <content>
D <namespace>
A fellow Splunk administrator is reviewing an app that has been downloaded from splunkbase and deployed in an organization. The admin has e-mailed the following configuration snippet with a brief note that says fix the permissions.
In what configuration file should the snippet be placed?
[]
access = read : [ * ], write : [ admin ]
export - system
(Assume that $APP_HOME refers to the path that the app is installed, e.g. $SPLUNK_HOME/etc/apps/<app name>)
A$APP_HOME/default/app.conf
B$APP_HOME/local/default.meta
C$APP_HOME/metadata/local.meta
D$SPLUNK_HOME/etc/system/local/server.conf
Given a dashboard with a Simple XML extension in myApp, what is the XML reference for the file myJS.js located in myOtherApp in the location shown below?
$SPLUNK_HOME/etc/apps/myOtherApp/appserver/static/javascript/
Which items below are configured in inputs.conf? (Select all that apply.)
AA modular input written in Python.
BA file input monitoring a JSON file.
CA custom search command written in Python.
DAn HTTP Event Collector as receiver of data from an app.
Which of the following is an intended use of HTTP Event Collector tokens?
AA cookie.
BAn HTTP header field.
CA JSON field in the HTTP request.
DA password in conjunction with login.
When the search/jobs REST endpoint is called to execute a search, what can be done to reduce the results size in the results? (Select all that apply.)
AUse a generating search.
BRemove unneeded fields.
CTruncate the data, using selective functions.
DSummarize data, using analytic commands.
Which of the following are valid parent elements for the event action shown below? (Select all that apply.)
<set token=Token Name>sourcetype=$click.value|s$</set>
