SPLUNK 1002 TEST

Quiz by David OkOk, created 11 months ago and updated 8 months ago.

Resource summary

Question 1

Question
1.- Using the export function, you can export search results as __________.( Select all that apply)
Answer
  • Xml
  • Json
  • Html
  • A php file

Question 2

Question
2.- The fields sidebar does not show________. (Select all that apply.)
Answer
  • interesting fields
  • selected fields
  • all extracted fields

Question 3

Question
3.- Splunk alerts can be based on searches that run ______. (Select all that apply.)
Answer
  • in real-time
  • on a regular schedule
  • and have no matching events

Question 4

Question
4.- Alert throttling is used to _______.
Answer
  • verify each alert
  • stagger search requests in a time-sequenced order
  • stop spamming yourself with alerts
  • check severity

Question 5

Question
5.- A real-time alert is ______________.
Answer
  • A scheduled alert
  • constantly running in the background

Question 6

Question
6.- This tab shows you the event patterns in the results of a specific search.
Answer
  • statistics
  • visualization
  • patterns

Question 7

Question
7.- Which of the following about reports is/are true?
Answer
  • Reports are knowledge objects.
  • Reports can be scheduled.
  • Reports can run a script.
  • All of the above.

Question 8

Question
8.- Select this in the fields sidebar to automatically pipe your search results to the rare command.
Answer
  • events with this field
  • rare values
  • top values by time
  • top values

Question 9

Question
9.- A report scheduled to run every 15 mins. but takes 17 mins. to complete is in danger of being_____.
Answer
  • skipped or deferred
  • automatically accelerated
  • deleted
  • all of the above

Question 10

Question
10.- Which of the following are valid options to speed up reports? (Select all that apply.)
Answer
  • Edit permissions
  • Edit description
  • Edit acceleration
  • Edit schedule

Question 11

Question
11.- Which of the following statements are true for this search? (Select all that apply.) SEARCH: sourcetype=access* | fields action productId status
Answer
  • is looking for all events that include the search terms: fields AND action AND productId AND status
  • uses the table command to improve performance
  • limits the fields that are extracted
  • returns a table with 3 columns

Question 12

Question
12.- Use the dedup command to _____.
Answer
  • Rename a field in the index
  • Remove duplicate values
  • Provide an additional alias for the field that can be used in the search criteria

Question 13

Question
13.- We can use the rename command to _____ (Select all that apply.)
Answer
  • Change indexed fields
  • Exclude fields from our search results
  • Extract new fields from our data using regular expressions
  • Give a field a new name at search time

Question 14

Question
14.- The limit attribute will ___________.
Answer
  • override default of 10
  • only work with top command
  • override default of 20
  • override default of 15

Question 15

Question
15.- This function of the stats command allows you to identify the number of values a field has.
Answer
  • max
  • distinct_count
  • fields
  • count

Question 16

Question
16.- This function of the stats command allows you to return the sample standard deviation of a field.
Answer
  • stdev
  • dev
  • count deviation
  • by standarddev

Question 17

Question
17.- Which of the following commands will show the maximum bytes?
Answer
  • sourcetype=access_* | maximum totals by bytes
  • sourcetype=access_* | avg (bytes)
  • sourcetype=access_* | stats max(bytes)
  • sourcetype=access_* | max(bytes)

Question 18

Question
18.- Which of the following searches will show the number of categoryId used by each host?
Answer
  • Sourcetype=access_* |sum bytes by host
  • Sourcetype=access_* |stats sum(categoryId) by host
  • Sourcetype=access_* |sum(bytes) by host
  • Sourcetype=access_* |stats sum by host

Question 19

Question
19.- Sourcetype=access_* |stats sum by host
Answer
  • Rex
  • As
  • List
  • By

Question 20

Question
20.- This function of the stats command allows you to return the middle-most value of field X.
Answer
  • Median(X)
  • Eval by X
  • Fields(X)
  • Values(X)

Question 21

Question
21.- When a search returns __________, you can view the results as a list.
Answer
  • a list of events
  • transactions
  • statistical values

Question 22

Question
22.- Clicking a SEGMENT on a chart, ________.
Answer
  • drills down for that value
  • highlights the field value across the chart
  • adds the highlighted value to the search criteria

Question 23

Question
23.- Use this command to use lookup fields in a search and see the lookup fields in the field sidebar.
Answer
  • inputlookup
  • lookup

Question 24

Question
24.- It is mandatory for the lookup file to have this for an automatic lookup to work.
Answer
  • Source type
  • At least five columns
  • Timestamp
  • Input field

Question 25

Question
25.- These users can create global knowledge objects. (Select all that apply.)
Answer
  • users
  • power users
  • administrators

Question 26

Question
26.- This is what Splunk uses to categorize the data that is being indexed.
Answer
  • sourcetype
  • index
  • source
  • host

Question 27

Question
27.- This is what Splunk uses to categorize the data that is being indexed.
Answer
  • Host
  • Sourcetype
  • Index
  • Source

Question 28

Question
28.- By default search results are not returned in ________ order.
Answer
  • Chronological
  • Reverse chronological
  • ASCII
  • Alphabetical

Question 29

Question
29.- The stats command will create a _____________ by default.
Answer
  • Table
  • Report
  • Pie chart

Question 30

Question
30.- Which is not a comparison operator in Splunk?
Answer
  • <=
  • =
  • !=
  • >
  • ?=

Question 31

Question
31.- Which of the following is NOT a stats function?
Answer
  • sum
  • addtotals
  • count
  • avg

Question 32

Question
32.- If a search returns ____________ it can be viewed as a chart.
Answer
  • timestamps
  • statistics
  • events
  • keywords

Question 33

Question
33.- In this search, __________ will appear on the y-axis. SEARCH: sourcetype=access_combined status!=200 | chart count over host
Answer
  • status
  • host
  • count

Question 34

Question
34.- The timechart command buckets data in time intervals depending on:
Answer
  • the number of events returned
  • the selected time range
  • the type of visualization selected

Question 35

Question
35.- Which of these search strings is NOT valid?
Answer
  • index=web status=50* | chart count over host, status
  • index=web status=50* | chart count over host by status
  • index=web status=5-* | chart count by host, status

Question 36

Question
36.- Which command is used to create choropleth maps?
Answer
  • geostats
  • cluster
  • geom

Question 37

Question
37.- Which of the following are valid options with the chart command?
Answer
  • useother
  • usenull
  • fillfield
  • usefield

Question 38

Question
38.- The gauge command:
Answer
  • creates a single-value visualization
  • allows you to set colored ranges for a single-value visualization
  • creates a radial gauge visualization

Question 39

Question
39.- What will you learn from the results of the following search? sourcetype=cisco_esa | transaction mid, dcid, icid | timechart avg(duration)
Answer
  • The average time elapsed during each transaction for all transactions
  • The average time for each event within each transaction
  • The average time between each transaction

Question 40

Question
40.- Which of these is NOT a field that is automatically created with the transaction command?
Answer
  • maxcount
  • duration
  • eventcount

Question 41

Question
41.- How many ways are there to access the Field Extractor Utility?
Answer
  • 3
  • 4
  • 1
  • 5

Question 42

Question
42.- When extracting fields, we may choose to use our own regular expressions.
Answer
  • True
  • False

Question 43

Question
43.- Field aliases are used to __________ data.
Answer
  • clean
  • transform
  • calculate
  • normalize

Question 44

Question
44.- What is the correct way to name a macro with two arguments?
Answer
  • us_sales2
  • us_sales(1,2)
  • us_sale,2
  • us_sales(2)

Question 45

Question
45.- When using a field value variable with a Workflow Action, which punctuation mark will escape the data?
Answer
  • *
  • !
  • ^
  • #

Question 46

Question
46.- __________ datasets can be added to a root dataset to narrow down the search.
Answer
  • parent
  • extracted
  • event
  • child

Question 47

Question
47.- Which function should you use with the transaction command to set the maximum total time between the earliest and latest events returned?
Answer
  • maxpause
  • endswith
  • maxduration
  • maxspan

Question 48

Question
48.- The eval command 'if' function requires the following three arguments (in order):
Answer
  • Boolean expression, result if true, result if false
  • Result if true, result if false, boolean expression
  • Result if false, result if true, boolean expression
  • Boolean expression, result if false, result if true

Question 49

Question
49.- Which search would limit an "alert" tag to the "host" field?
Answer
  • tag=alert
  • host::tag::alert
  • tag==alert
  • tag::host=alert

Question 50

Question
50.- The transaction command allows you to __________ events across multiple sources.
Answer
  • duplicate
  • correlate
  • persist
  • tag

Question 51

Question
51.- Which of the following commands are used when creating visualizations? (Select all that apply.)
Answer
  • Geom
  • Choropleth
  • Geostats
  • iplocation

Question 52

Question
52.- For choropleth maps, Splunk ships with the following KMZ files. (Select all that apply.)
Answer
  • States of the United States
  • States and provinces of the United States and Canada
  • Countries of the European Union
  • Countries of the World

Question 53

Question
53.- Complete the search: …. | _____ failure>successes
Answer
  • Search
  • Where
  • If
  • Any of the above

Question 54

Question
54.- These kinds of charts represent a series in a single bar with multiple sections.
Answer
  • Multi-Series
  • Split-Series
  • Omit nulls
  • Stacked

Question 55

Question
55.- When using a split series on a chart, the series MUST be displayed using the STACKED option.
Answer
  • True
  • False

Question 56

Question
56.- Which of the following are valid options with the chart command? (Select all that apply.)
Answer
  • usenull=f
  • useother=f
  • split=t
  • transaction=t

Question 57

Question
57.- This role is required to install the CIM Add-on.
Answer
  • ADMIN
  • POWER
  • USER

Question 58

Question
58.- The Splunk CIM Add-on includes data models in a __________ format. Select your answer.
Answer
  • MySQL
  • XML
  • JSON

Question 59

Question
59.- These allow you to categorize events based on search terms. Select your answer.
Answer
  • Groups
  • Event Types
  • Macros
  • Tags

Question 60

Question
60.- In the Field Extractor Utility, this button will display events that do not contain extracted fields. Select your answer.
Answer
  • Selected-Fields
  • Non-Matches
  • Non-Extractions
  • Matches