SPLK-1001 시험 - Splunk실제시험문제와 답 - 184문항

Question No : 1

When is an alert triggered?

A.When Splunk encounters a syntax error in a search
B.When a trigger action meets the predefined conditions
C.When an event in a search matches up with a data model
D.When results of a search meet a specifically defined condition

정답:
Explanation:
Reference: https://books.google.com.pk/books?id=sNwkBQAAQBAJ&pg=PT525&lpg=PT525&dq=splunk+alert+triggered+When+results+of+a+search+meet+a+specifically+defined+condition&source=bl&ots=avtEx5luxo&sig=ACfU3U1ZVob_j9nU243Te2vhqwxI3YvJuA&hl=en&sa=X&ved=2ahUKEwjm48rmkfXoAhUlMewKHb_FAbkQ6AEwB3oECBYQJg QUESTION 197

Question No : 2

@ Symbol can be used in advanced time unit option.

A.No
B.Yes

정답:

Question No : 3

Which of the following is a correct way to limit search results to display the 5 most common values of a field?

A.| rare top=5
B.| top rare=5
C.| top limit=5
D.| rare limit=5

정답:

Question No : 4

Which symbol is used to snap the time?

A.@
B.&
C.*
D.#

정답:

Question No : 5

Universal forwarder is recommended for forwarding the logs to indexers.

A.False
B.True

정답:

Question No : 6

What is a primary function of a scheduled report?

A.Auto-detect changes in performance
B.Auto-generated PDF reports of overall data trends
C.Regularly scheduled archiving to keep disk space use low
D.Triggering an alert in your Splunk instance when certain conditions are met

정답:

Question No : 7

The stats command will create a _____________ by default.

A.Table
B.Report
C.Pie chart

정답:

Question No : 8

Fields are searchable name and value pairings that differentiates one event from another.

A.False
B.True

정답:

Question No : 9

In the Fields sidebar, what does the number directly to the right of the field name indicate?

A.The value of the field
B.The number of values for the field
C.The number of unique values for the field
D.The numeric non-unique values of the field

정답:
Explanation:
Reference: https://docs.splunk.com/Documentation/Splunk/8.0.3/SearchTutorial/Usefieldstosearch

Question No : 10

After running a search, what effect does clicking and dragging across the timeline have?

A.Executes a new search.
B.Filters current search results.
C.Moves to past or future events.
D.Expands the time range of the search.

정답:

Question No : 11

What is the purpose of using a by clause with the stats command?

A.To group the results by one or more fields.
B.To compute numerical statistics on each field.
C.To specify how the values in a list are delimited.
D.To partition the input data based on the split-by fields.

정답:

Question No : 12

Assuming a user has the capability to edit reports, which of the following are editable?

A.Acceleration, schedule, permissions
B.The report’s name, schedule, permissions
C.The report’s name, acceleration, schedule
D.The report’s name, acceleration, permissions

정답:
Explanation:
Reference: https://docs.splunk.com/Documentation/Splunk/8.0.3/Report/Createandeditreports

Question No : 13

How does Splunk determine which fields to extract from data?

A.Splunk only extracts the most interesting data from the last 24 hours.
B.Splunk only extracts fields users have manually specified in their data.
C.Splunk automatically extracts any fields that generate interesting visualizations.
D.Splunk automatically discovers many fields based on sourcetype and key/value pairs found in the data.

정답:

Question No : 14

What result will you get with following search index=test sourcetype="The_Questionnaire_P*" ?

A.the_questionnaire _pedia
B.the_questionnaire pedia
C.the_questionnaire_pedia
D.the_questionnaire Pedia

정답:

Question No : 15

Data summary button just below the search bar gives you the following (Choose three.):

A.Hosts
B.Sourcetypes
C.Sources
D.Indexes

정답:

Splunk SPLK-1001 시험