Renew SPLK-1001 Sample Question For Splunk Core Certified User Exam Certification

Want to know the Passleader SPLK-1001 exam practice test features? Want to learn more about the Splunk Core Certified User Exam certification experience? Study the Splunk SPLK-1001 answers to the up-to-date SPLK-1001 questions at Passleader. Get success with an absolute guarantee to pass the Splunk SPLK-1001 (Splunk Core Certified User Exam) test on your first attempt.

Free SPLK-1001 Demo Online For Splunk Certification:

NEW QUESTION 1
Splunk parses data into individual events, extracts time, and assigns metadata.

  • A. False
  • B. True

Answer: B

NEW QUESTION 2
What result will you get with the following search?
index=test sourcetype="The_Questionnaire_P*"

  • A. the_questionnaire _pedia
  • B. the_questionnaire pedia
  • C. the_questionnaire_pedia
  • D. the_questionnaire Pedia

Answer: C

NEW QUESTION 3
Which stats command function provides a count of how many unique values exist for a given field in the result set?

  • A. dc(field)
  • B. count(field)
  • C. count-by(field)
  • D. distinct-count(field)

Answer: A

NEW QUESTION 4
Keywords are highlighted when you mouse over search results and you can click this search result to (Choose three.):

  • A. Open new search.
  • B. Exclude the item from search.
  • C. None of the above.
  • D. Add the item to search.

Answer: ABD

NEW QUESTION 5
What is the main requirement for creating visualizations using the Splunk UI?

  • A. Your search must transform event data into Excel file format first.
  • B. Your search must transform event data into XML formatted data first.
  • C. Your search must transform event data into statistical data tables first.
  • D. Your search must transform event data into JSON formatted data first.

Answer: B

NEW QUESTION 6
Which of the following fields is stored with the events in the index?

  • A. user
  • B. source
  • C. location
  • D. sourceIp

Answer: B

NEW QUESTION 7
What type of search can be saved as a report?

  • A. Any search can be saved as a report.
  • B. Only searches that generate visualizations.
  • C. Only searches containing a transforming command.
  • D. Only searches that generate statistics or visualizations.

Answer: A

NEW QUESTION 8
Which search matches the events containing the terms “error” and “fail”?

  • A. index=security Error Fail
  • B. index=security error OR fail
  • C. index=security “error failure”
  • D. index=security NOT error NOT fail

Answer: B

NEW QUESTION 9
Which symbol is used to snap the time?

  • A. @
  • B. &
  • C. *
  • D. #

Answer: A

NEW QUESTION 10
Which of the following is a best practice when writing a search string?

  • A. Include all formatting commands before any search terms.
  • B. Include at least one function as this is a search requirement.
  • C. Include the search terms at the beginning of the search string.
  • D. Avoid using formatting clauses, as they add too much overhead.

Answer: D

NEW QUESTION 11
The default host name used in Inputs general settings cannot be changed.

  • A. False
  • B. True

Answer: A

NEW QUESTION 12
Which command is used to validate a lookup file?

  • A. | lookup products.csv
  • B. inputlookup products.csv
  • C. | inputlookup products.csv
  • D. | lookup_definition products.csv

Answer: C

NEW QUESTION 13
Where does license metering happen?

  • A. Indexer
  • B. Parsing
  • C. Heavy Forwarder
  • D. Input

Answer: A

NEW QUESTION 14
What can be included in the All Fields option in the sidebar?

  • A. Dashboards
  • B. Metadata only
  • C. Non-interesting fields
  • D. Field descriptions

Answer: D

NEW QUESTION 15
Three basic components of Splunk are (Choose three.):

  • A. Forwarders
  • B. Deployment Server
  • C. Indexer
  • D. Knowledge Objects
  • E. Index
  • F. Search Head

Answer: ACF

NEW QUESTION 16
Which is the default app for Splunk Enterprise?

  • A. Splunk Enterprise Security Suite
  • B. Searching and Reporting
  • C. Reporting and Searching
  • D. Splunk apps for Security

Answer: B

NEW QUESTION 17
How do you add or remove fields from search results?

  • A. Use field + to add and field - to remove.
  • B. Use table + to add and table - to remove.
  • C. Use fields + to add and fields - to remove.
  • D. Use fields Plus to add and fields Minus to remove.

Answer: C

NEW QUESTION 18
What happens when a field is added to the Selected Fields list in the fields sidebar?

  • A. Splunk will re-run the search job in Verbose Mode to prioritize the new Selected Field.
  • B. Splunk will highlight related fields as a suggestion to add them to the Selected Fields list.
  • C. Custom selections will replace the Interesting Fields that Splunk populated into the list at search time.
  • D. The selected field and its corresponding values will appear underneath the events in the search results.

Answer: D

NEW QUESTION 19
Data summary button just below the search bar gives you the following (Choose three.):

  • A. Hosts
  • B. Sourcetypes
  • C. Sources
  • D. Indexes

Answer: ABC

NEW QUESTION 20
What does the following specified time range do?
earliest=-72h@h latest=@d

  • A. Look back 3 days ago and prior.
  • B. Look back 72 hours, up to one day ago.
  • C. Look back 72 hours, up to the end of today.
  • D. Look back from 3 days ago, up to the beginning of today.

Answer: C

NEW QUESTION 21
What is a primary function of a scheduled report?

  • A. Auto-detect changes in performance.
  • B. Auto-generated PDF reports of overall data trends.
  • C. Regularly scheduled archiving to keep disk space use low.
  • D. Triggering an alert in your Splunk instance when certain conditions are met.

Answer: D

NEW QUESTION 22
All components are installed and administered in Splunk Enterprise on-premise.

  • A. Mastered
  • B. Not Mastered

Answer: A

Explanation/Reference: B. False

NEW QUESTION 23
What user interface component allows for time selection?

  • A. Time summary
  • B. Time range picker
  • C. Search time picker
  • D. Data source time statistics

Answer: B

NEW QUESTION 24
Splunk Enterprise is used as a Scalable service in Splunk Cloud.

  • A. True
  • B. False

Answer: A
