Splunk splk-1001 practice test

Which of the following are functions of the stats command?

• A. count, sum, add
• B. count, sum, less
• C. sum, avg, values
• D. sum, values, table

In a deployment with multiple indexes, what will happen when a search is run and an index is not
specified in the search string?

• A. No events will be returned.
• B. Splunk will prompt you to specify an index.
• C. All non-indexed events to which the user has access will be returned.
• D. Events from every index searched by default to which the user has access will be returned.

Which search matches the events containing the terms "error" and "fail"?

• A. index=security Error Fail
• B. index=security error OR fail
• C. index=security “error failure”
• D. index=security NOT error NOT fail

Which of the following is an option after clicking an item in search results?

• A. Saving the item to a report
• B. Adding the item to the search.
• C. Adding the item to a dashboard
• D. Saving the search to a JSON file.

When placed early in a search, which command is most effective at reducing search execution time?

• A. dedup
• B. rename
• C. sort -
• D. fields +

In the Splunk interface, the list of alerts can be filtered based on which characteristics?

• A. App, Owner, Severity, and Type
• B. App, Owner, Priority, and Status
• C. App, Dashboard, Severity, and Type
• D. App, Time Window, Type, and Severity

When displaying results of a search, which of the following is true about line charts?

• A. Line charts are optimal for single and multiple series.
• B. Line charts are optimal for single series when using Fast mode.
• C. Line charts are optimal for multiple series with 3 or more columns.
• D. Line charts are optimal for multiseries searches with at least 2 or more columns.

A collection of items containing things such as data inputs, UI elements, and knowledge objects is
known as what?

• A. An app
• B. JSON
• C. A role
• D. An enhanced solution

Which of the following fields is stored with the events in the index?

• A. user
• B. source
• C. location
• D. sourcelp

Which of the following is the recommended way to create multiple dashboards displaying data from
the same search?

• A. Save the search as a report and use it in multiple dashboards as needed
• B. Save the search as a dashboard panel for each dashboard that needs the data
• C. Save the search as a scheduled alert and use it in multiple dashboards as needed
• D. Export the results of the search to an XML file and use the file as the basis of the dashboards