Free SPLK-1001 Sample Questions — Splunk Core Certified User

Assuming a user has the capability to edit reports, which of the following are editable?

• A. Acceleration, schedule, permissions
• B. The report's name, schedule, permissions
• C. The report's name, acceleration, schedule
• D. The report's name, acceleration, permissions

Search Language Syntax in Splunk can be broken down into the following components. (Choose all that apply.)

• A. Search term
• B. Command
• C. Pipe
• D. Functions
• E. Arguments
• F. Clause

When a Splunk search generates calculated data that appears in the Statistics tab, in what formats can the results be exported?

• A. CSV, JSON, PDF
• B. CSV, XML, JSON
• C. Raw Events, XML, JSON
• D. Raw Events, CSV, XML, JSON

What is a quick, comprehensive way to learn what data is present in a Splunk deployment?

• A. Review Splunk reports
• B. Run ./splunk show
• C. Click Data Summary in Splunk Web
• D. Search index=* sourcetype=* host=*

You can view the search result in following format (Choose three.):

• A. Table
• B. Raw
• C. Pie Chart
• D. List

What is Search Assistant in Splunk?

• A. It is only available to Admins
• B. Such feature does not exist in Splunk
• C. Shows options to complete the search string

What is Splunk?

• A. Splunk is a software platform to search, analyze and visualize the machine-generated data
• B. Database management tool
• C. Security Information and Event Management (SIEM)
• D. Cloud based application that help in analyzing logs

Which search matches the events containing the terms `error` and `fail`?

• A. index=security Error Fail
• B. index=security error OR fail
• C. index=security "error failure"
• D. index=security NOT error NOT fail

By default, how long does Splunk retain a search job?

• A. 10 Minutes
• B. 15 Minutes
• C. 1 Day
• D. 7 Days

In the Splunk web interface, what defines an interesting field?

• A. The field with the lowest entropy relative to the core search
• B. The field that exists in at least twenty percent (20%) of the events in the search
• C. The numeric field within the data, which allows its use in charts and timecharts
• D. The field with the highest entropy relative to the core search

Prefix wildcards might cause performance issues.

• A. False
• B. True

______________ is the default web port used by Splunk.

• A. 8089
• B. 8000
• C. 8080
• D. 443

Query - status != 100:

• A. Will return event where status field exist but value of that field is not 100
• B. Will return event where status field exist but value of that field is not 100 and all events where status field doesn't exist
• C. Will get different results depending on data

Events in Splunk are automatically segregated using data and time.

• A. Yes
• B. No

Which of the following constraints can be used with the top command?

• A. limit
• B. useperc
• C. addtotals
• D. fieldcount

When editing a dashboard, which of the following are possible options? (Choose all that apply.)

• A. Add an output
• B. Export a dashboard panel
• C. Modify the chart type displayed in a dashboard panel
• D. Drag a dashboard panel to a different location on the dashboard

By default, which role contains the minimum permissions required to have write access to Splunk alerts?

• A. Alerting
• B. Admin
• C. Power
• D. User

You are able to create new Index in Data Input settings.

• A. No
• B. Yes

How do you add or remove fields from search results?

• A. Use field +to add and field -to remove
• B. Use table +to add and table -to remove
• C. Use fields +to add and fields ""to remove
• D. Use fields Plus to add and fields Minus to remove

After running a search, what effect does clicking and dragging across the timeline have?

• A. Executes a new search
• B. Filters current search results
• C. Moves to past or future events
• D. Expands the time range of the search