Pass the Splunk Splunk Core Certified User SPLK-1001 Questions and answers with CertsForce

Viewing page 3 out of 8 pages
Viewing questions 21-30 out of questions
Questions # 21:

This search will return 20 results. SEARCH: error | top host limit = 20

Options:

A. True

B. False


Questions # 22:

What is the correct order of steps for creating a new lookup?

1. Configure the lookup to run automatically

2. Create the lookup table

3. Define the lookup

Options:

A. 2, 1, 3

B. 1, 2, 3

C. 2, 3, 1

D. 3, 2, 1


Questions # 23:

When refining search results, what is the difference in the time picker between real-time and relative time ranges?

Options:

A. Real-time searches happen instantly, while relative searches happen at a scheduled time.

B. Real-time searches display results from a rolling time window, while relative searches display results from a set length of time.

C. Real-time searches run constantly in the background, while relative searches only run when certain criteria are met.

D. Real-time represents events that have happened in a set time window, while relative will display results from a rolling time window.


Questions # 24:

Which search would return events from the access_combined sourcetype?

Options:

A. Sourcetype=access_combined

B. Sourcetype=Access_Combined

C. sourcetype=Access_Combined

D. SOURCETYPE=access_combined


Questions # 25:

Splunk automatically determines the source type for major data types.

Options:

A. False

B. True


Questions # 26:

What is the proper SPL terminology for specifying a particular index in a search?

Options:

A. indexer—index_name

B. indexer name—index_name

C. index=index_name

D. index name=index_name


Questions # 27:

Which command automatically returns percent and count columns when executing searches?

Options:

A. top

B. stats

C. table

D. percent


Questions # 28:

Which of the following are Splunk premium enhanced solutions? (Choose three.)

Options:

A. Splunk User Behavior Analytics (UBA)

B. Splunk IT Service Intelligence (ITSI)

C. Splunk Enterprise Security (ES)

D. Splunk Analytics Security (AS)


Questions # 29:

Which of the following is the recommended way to create multiple dashboards displaying data from the same search?

Options:

A. Save the search as a report and use it in multiple dashboards as needed

B. Save the search as a dashboard panel for each dashboard that needs the data

C. Save the search as a scheduled alert and use it in multiple dashboards as needed

D. Export the results of the search to an XML file and use the file as the basis of the dashboards


Questions # 30:

Which of the following is the appropriately formatted SPL search?

Options:

A. index=security sourcetype=linux secure (invalid OR failed) | stats count as "Potential Issues"

B. index=security sourcetype=linux secure (invalid OR failed) | stats as "Potential Issues"

C. index—security sourcetype=linux secure (invalid OR failed) | count stats as "Potential Issues"

D. index—security sourcetype=linux secure (invalid OR failed) | count as "Potential Issues"

