Pass the Splunk Splunk Core Certified User SPLK-1001 Questions and answers with CertsForce

Viewing page 4 out of 8 pages
Viewing questions 31-40 out of questions
Questions # 31:

Given the following SPL search, how many rows of results would you expect to be returned by default?

index=security sourcetype=linux_secure (fail* OR invalid) | top src__ip

Options:

A. 10
B. 50
C. 100
D. 20


Questions # 32:

Which of the statements are correct? (Choose three.)

Options:

A. Zoom to selection: Narrows the time range and re-executes the search.
B. Zoom to selection: Narrows the time range and doesn't re-execute the search.
C. Format Timeline: Hides or shows the timeline in different views.
D. Zoom-Out: Expands the time focus and doesn't re-execute the search.
E. Zoom-out: Expands the time focus and re-executes the search.


Questions # 33:

What is the primary use for the rare command?

Options:

A. To sort field values in descending order.
B. To return only fields containing five or fewer values.
C. To find the least common values of a field in a dataset.
D. To find the fields with the fewest number of values across a dataset.


Questions # 34:

Which Boolean operator is always implied between two search terms, unless otherwise specified?

Options:

A. OR
B. NOT
C. AND
D. XOR


Questions # 35:

Splunk internal fields contain general information about events and start with an underscore (i.e., _).

Options:

A. True
B. False


Questions # 36:

When looking at a dashboard panel that is based on a report, which of the following is true?

Options:

A. You can modify the search string in the panel, and you can change and configure the visualization.
B. You can modify the search string in the panel, but you cannot change and configure the visualization.
C. You cannot modify the search string in the panel, but you can change and configure the visualization.
D. You cannot modify the search string in the panel, and you cannot change and configure the visualization.


Questions # 37:

How do you make an interesting field into a selected field?

Options:

A. Click field in field sidebar -> click YES on the pop-up dialog on upper right side -> check now field should be visible in the list of selected fields.
B. Not possible.
C. Only CLI changes will enable it.
D. Click Settings -> Find field option -> Drop down select field -> enable selected field -> check now field should be visible in the list of selected fields.


Questions # 38:

Select the correct options that apply to index-time processing. (Choose three.)

Options:

A. Indexing
B. Searching
C. Parsing
D. Settings
E. Input


Questions # 39:

By default, how long does Splunk retain a search job?

Options:

A. 10 Minutes
B. 15 Minutes
C. 1 Day
D. 7 Days


Questions # 40:

How do you add or remove fields from search results?

Options:

A. Use field + to add and field - to remove.
B. Use table + to add and table - to remove.
C. Use fields + to add and fields - to remove.
D. Use fields Plus to add and fields Minus to remove.

