Splunk SPLK-1004 - Splunk Core Certified Advanced Power User Exam

Question #1 (Topic: Exam A)
Which statement about tsidx files is accurate?
A. Splunk updates tsidx files every 30 minutes.
B. Splunk removes outdated tsidx files every 5 minutes.
C. A tsidx file consists of a lexicon and a posting list.
D. Each bucket in each index may contain only one tsidx file.
Answer: C

Question #2 (Topic: Exam A)
Repeating JSON data structures within one event will be extracted as what type of fields?
A. Single value
B. Lexicographical
C. Multivalue
D. Mvindex
Answer: C

Question #3 (Topic: Exam A)
What default Splunk role can use the Log Event alert action?
A. Power
B. User
C. can_delete
D. Admin
Answer: A

Question #4 (Topic: Exam A)
When running a search, which Splunk component retrieves the individual results?
A. Indexer
B. Search head
C. Universal forwarder
D. Master node
Answer: A

Question #5 (Topic: Exam A)
What order of incoming events must be supplied to the transaction command to ensure correct results?
A. Reverse lexicographical order
B. Ascending lexicographical order
C. Ascending chronological order
D. Reverse chronological order
Answer: D
Total 95 questions