Splunk SPLK-1001 - Splunk Core Certified User Exam
Total 212 questions
Question #1 (Topic: Single Topic)
Which search string only returns events from host WWW3?
A. host=*
B. host=WWW3
C. host=WWW*
D. Host=WWW3
Answer: B
Question #2 (Topic: Single Topic)
By default, how long does Splunk retain a search job?
A. 10 Minutes
B. 15 Minutes
C. 1 Day
D. 7 Days
Answer: A
Question #3 (Topic: Single Topic)
What must be done before an automatic lookup can be created? (Choose all that apply.)
A. The lookup command must be used.
B. The lookup definition must be created.
C. The lookup file must be uploaded to Splunk.
D. The lookup file must be verified using the inputlookup command.
Answer: B
Question #4 (Topic: Single Topic)
Which of the following Splunk components typically resides on the machines where data originates?
A. Indexer
B. Forwarder
C. Search head
D. Deployment server
Answer: B
Question #5 (Topic: Single Topic)
What determines the scope of data that appears in a scheduled report?
A. All data accessible to the User role will appear in the report.
B. All data accessible to the owner of the report will appear in the report.
C. All data accessible to all users will appear in the report until the next time the report is run.
D. The owner of the report can configure permissions so that the report uses either the User role or the owner's profile at run time.
Answer: B