It is impossible to pass the Splunk SPLK-1001 exam without any help in the short term. Come to Passleader soon and find the most advanced, correct and guaranteed Splunk SPLK-1001 practice questions. You will get a surprising result with our up-to-date Splunk Core Certified User Exam practice guides.

We also have free SPLK-1001 dump questions for you:

NEW QUESTION 1
Log filtering/parsing can be done from _____.

  • A. Index Forwarders (IF)
  • B. Universal Forwarders (UF)
  • C. Super Forwarder (SF)
  • D. Heavy Forwarders (HF)

Answer: D

NEW QUESTION 2
What is Splunk?

  • A. Splunk is a software platform to search, analyze, and visualize machine-generated data.
  • B. Database management tool.
  • C. Security Information and Event Management (SIEM).
  • D. Cloud-based application that helps in analyzing logs.

Answer: A

NEW QUESTION 3
In the Monitor option, you can select the following options in the GUI.

  • A. Only HTTP Event Collector (HEC) and TCP/UDP
  • B. None of the above
  • C. Only TCP/UDP
  • D. Only Scripts
  • E. Files & Directories, HTTP Event Collector (HEC), TCP/UDP and Scripts

Answer: E

NEW QUESTION 4
Which of the following statements are correct about a HF? (Choose three.)

  • A. Parsing
  • B. Masking
  • C. Searching
  • D. Forwarding

Answer: ABD

NEW QUESTION 5
What options do you get after selecting a region of the timeline? (Choose four.)

  • A. Zoom to selection
  • B. Format Timeline
  • C. Deselect
  • D. Delete
  • E. Zoom Out

Answer: ABCE

NEW QUESTION 6
After running a search, what effect does clicking and dragging across the timeline have?

  • A. Executes a new search.
  • B. Filters current search results.
  • C. Moves to past or future events.
  • D. Expands the time range of the search.

Answer: C

NEW QUESTION 7
Which of the following is a best practice when writing a search string?

  • A. Include all formatting commands before any search terms.
  • B. Include at least one function as this is a search requirement.
  • C. Include the search terms at the beginning of the search string.
  • D. Avoid using formatting clauses, as they add too much overhead.

Answer: D

NEW QUESTION 8
Which stats command function provides a count of how many unique values exist for a given field in the result set?

  • A. dc(field)
  • B. count(field)
  • C. count-by(field)
  • D. distinct-count(field)

Answer: A

NEW QUESTION 9
What happens when a field is added to the Selected Fields list in the fields sidebar?

  • A. Splunk will re-run the search job in Verbose Mode to prioritize the new Selected Field.
  • B. Splunk will highlight related fields as a suggestion to add them to the Selected Fields list.
  • C. Custom selections will replace the Interesting Fields that Splunk populated into the list at search time.
  • D. The selected field and its corresponding values will appear underneath the events in the search results.

Answer: D

NEW QUESTION 10
Parsing of data can happen in both the HF and the UF.

  • A. Yes
  • B. No

Answer: B

NEW QUESTION 11
Which of the following is a Splunk search best practice?

  • A. Filter as early as possible.
  • B. Never specify more than one index.
  • C. Include as few search terms as possible.
  • D. Use wildcards to return more search results.

Answer: A

NEW QUESTION 12
When placed early in a search, which command is most effective at reducing search execution time?

  • A. dedup
  • B. rename
  • C. sort -
  • D. fields +

Answer: A

NEW QUESTION 13
The Forward option gathers data from remote machines and forwards it to indexers over a receiving port.

  • A. False
  • B. True

Answer: B

NEW QUESTION 14
What type of search can be saved as a report?

  • A. Any search can be saved as a report.
  • B. Only searches that generate visualizations.
  • C. Only searches containing a transforming command.
  • D. Only searches that generate statistics or visualizations.

Answer: A

NEW QUESTION 15
What does the stats command do?

  • A. Automatically correlates related fields.
  • B. Converts field values into numerical values.
  • C. Calculates statistics on data that matches the search criteria.
  • D. Analyzes numerical fields for their ability to predict another discrete field.

Answer: C

NEW QUESTION 16
The default host name used in the Inputs general settings cannot be changed.

  • A. False
  • B. True

Answer: A

NEW QUESTION 17
What must be done in order to use a lookup table in Splunk?

  • A. The lookup must be configured to run automatically.
  • B. The contents of the lookup file must be copied and pasted into the search bar.
  • C. The lookup file must be uploaded to Splunk and a lookup definition must be created.
  • D. The lookup file must be uploaded to the etc/apps/lookups folder for automatic ingestion.

Answer: C

NEW QUESTION 18
When looking at a dashboard panel that is based on a report, which of the following is true?

  • A. You can modify the search string in the panel, and you can change and configure the visualization.
  • B. You can modify the search string in the panel, but you cannot change and configure the visualization.
  • C. You cannot modify the search string in the panel, but you can change and configure the visualization.
  • D. You cannot modify the search string in the panel, and you cannot change and configure the visualization.

Answer: C

NEW QUESTION 19
Which of the following searches will return results where fail, 400, and error exist in every event?

  • A. error AND (fail AND 400)
  • B. error OR (fail and 400)
  • C. error AND (fail OR 400)
  • D. error OR fail OR 400

Answer: C

NEW QUESTION 20
Which search matches the events containing the terms “error” and “fail”?

  • A. index=security Error Fail
  • B. index=security error OR fail
  • C. index=security “error failure”
  • D. index=security NOT error NOT fail

Answer: B

NEW QUESTION 21
The Splunk index-time process can be broken down into _____ phases.

  • A. 3
  • B. 2
  • C. 4
  • D. 1

Answer: A

NEW QUESTION 22
......

P.S. Easily pass the SPLK-1001 exam with the 226 Q&As DumpSolutions dumps & PDF version. Welcome to download the newest DumpSolutions SPLK-1001 dumps: https://www.dumpsolutions.com/SPLK-1001-dumps/ (226 New Questions)