Splunk 002

The document contains a series of exam questions and answers related to Splunk functionalities, including user interface components, search commands, and report scheduling. Each question is followed by the correct answer and a brief explanation. The content is structured to aid in studying for a Splunk certification exam.

Uploaded by

davidmy227464

Exam Dumps 11/67

Answer: A
Explanation:

Question: 37
What user interface component allows for time selection?

A. Time summary
B. Time range picker
C. Search time picker
D. Data source time statistics

Answer: B
Explanation:

Question: 38
When an alert action is configured to run a script, Splunk must be able to locate the script. Which is
one of the directories Splunk will look in to find the script?

A. $SPLUNK_HOME/bin/scripts
B. $SPLUNK_HOME/etc/scripts
C. $SPLUNK_HOME/bin/etc/scripts
D. $SPLUNK_HOME/etc/scripts/bin

Answer: A
Explanation:

Question: 39
When editing a dashboard, which of the following are possible options? (select all that apply)

A. Add an output.
B. Export a dashboard panel.
C. Modify the chart type displayed in a dashboard panel.
D. Drag a dashboard panel to a different location on the dashboard.

Answer: D
Explanation:

Question: 40
Which of the following index searches would provide the most efficient search performance?

A. index=*
B. index=web OR index=s*
C. (index=web OR index=sales)
D. *index=sales AND index=web*

Answer: C
Explanation:

Question: 41
At index time, in which field does Splunk store the timestamp value?

A. time
B. _time
C. EventTime
D. timestamp

Answer: B
Explanation:

Question: 42
Which statement is true about the top command?

A. It returns the top 10 results
B. It displays the output in table format
C. It returns the count and percent columns per row
D. All of the above

Answer: D
Explanation:

Question: 43
What determines the scope of data that appears in a scheduled report?

A. All data accessible to the User role will appear in the report.
B. All data accessible to the owner of the report will appear in the report.
C. All data accessible to all users will appear in the report until the next time the report is run.
D. The owner of the report can configure permissions so that the report uses either the User role or
the profile at run time.

Answer: D
Explanation:

Question: 44
What is the main requirement for creating visualizations using the Splunk UI?
A. Your search must transform event data into Excel file format first.
B. Your search must transform event data into XML formatted data first.
C. Your search must transform event data into statistical data tables first.
D. Your search must transform event data into JSON formatted data first.

Answer: C
Explanation:

Question: 45
How can another user gain access to a saved report?

A. The owner of the report can edit permissions from the Edit dropdown
B. Only users with an Admin or Power User role can access other users' reports
C. Anyone can access any reports marked as public within a shared Splunk deployment
D. The owner of the report must clone the original report and save it to their user account

Answer: A
Explanation:

Question: 46
What is the primary use for the rare command?

A. To sort field values in descending order
B. To return only fields containing five or fewer values
C. To find the least common values of a field in a dataset
D. To find the fields with the fewest number of values across a dataset

Answer: C
Explanation:

Question: 47
What happens when a field is added to the Selected Fields list in the fields sidebar?

A. Splunk will re-run the search job in Verbose Mode to prioritize the new Selected Field
B. Splunk will highlight related fields as a suggestion to add them to the Selected Fields list.
C. Custom selections will replace the Interesting Fields that Splunk populated into the list at search
time
D. The selected field and its corresponding values will appear underneath the events in the search
results

Answer: D
Explanation:
Question: 48

By default, which of the following is a Selected Field?

A. action
B. clientip
C. categoryId
D. sourcetype

Answer: D
Explanation:

Question: 49
According to Splunk best practices, which placement of the wildcard results in the most efficient
search?

A. f*il
B. *fail
C. fail*
D. *fail*

Answer: C
Explanation:

Question: 50
Which command automatically returns percent and count columns when executing searches?

A. top
B. stats
C. table
D. percent

Answer: A
Explanation:

Question: 51
Which of the following describes lookup files?

A. Lookup fields cannot be used in searches
B. Lookups contain static data available in the index
C. Lookups add more fields to results returned by a search
D. Lookups pull data at index time and add them to search results
Answer: B
Explanation:

Question: 52
When running searches, command modifiers in the search string are displayed in what color?

A. Red
B. Blue
C. Orange
D. Highlighted

Answer: B
Explanation:

Question: 53
How do you add or remove fields from search results?

A. Use field + to add and field - to remove.
B. Use table + to add and table - to remove.
C. Use fields + to add and fields - to remove.
D. Use fields Plus to add and fields Minus to remove.

Answer: C
Explanation:

Question: 54
What are the steps to schedule a report?

A. After saving the report, click Schedule.
B. After saving the report, click Event Type.
C. After saving the report, click Scheduling.
D. After saving the report, click Dashboard Panel.

Answer: A
Explanation:

Question: 55
By default, how long does Splunk retain a search job?

A. 10 Minutes
B. 15 Minutes
C. 1 Day
D. 7 Days

Answer: A
Explanation:

Question: 56
Which Boolean operator is implied between search terms, unless otherwise specified?

A. OR
B. AND
C. NOT
D. NAND

Answer: B
Explanation:

Question: 57
What is a primary function of a scheduled report?

A. Auto-detect changes in performance
B. Auto-generated PDF reports of overall data trends
C. Regularly scheduled archiving to keep disk space use low
D. Triggering an alert in your Splunk instance when certain conditions are met

Answer: D
Explanation:

Question: 58
When sorting on multiple fields with the sort command, what delimiter can be used between the
field names in the search?

A. |
B. $
C. !
D. ,

Answer: D
Explanation:

Question: 59
Which search string is the most efficient?
A. "failed password"
B. "failed password"*
C. index=* "failed password"
D. index=security "failed password"

Answer: D
Explanation:

Question: 60
Which search string matches only events with the status_code of 404?

A. status_code !=404
B. status_code>=400
C. status_code<=404
D. status_code>403 status_code<405

Answer: D
Explanation:

Question: 61
This function of the stats command allows you to return the sample standard deviation of a field.

A. stdev
B. dev
C. count deviation
D. by standarddev

Answer: A
Explanation:

Question: 62
Which of the following commands will show the maximum bytes?

A. sourcetype=access_* | maximum totals by bytes
B. sourcetype=access_* | avg (bytes)
C. sourcetype=access_* | stats max(bytes)
D. sourcetype=access_* | max(bytes)

Answer: C
Explanation:
Question: 63
This search will return 20 results. SEARCH: error | top host limit = 20

A. True
B. False

Answer: A
Explanation:

Question: 64
Which of the following searches will show the number of categoryId used by each host?

A. Sourcetype=access_* | sum bytes by host
B. Sourcetype=access_* | stats sum(categoryId) by host
C. Sourcetype=access_* | sum(bytes) by host
D. Sourcetype=access_* | stats sum by host

Answer: B
Explanation:

Question: 65
This clause is used to group the output of a stats command by a specific name.

A. Rex
B. As
C. List
D. By

Answer: D
Explanation:

Question: 66
This function of the stats command allows you to return the middle-most value of field X.

A. Median(X)
B. Eval by X
C. Fields(X)
D. Values(X)

Answer: A
Explanation:

Question: 67
When a search returns ______, you can view the results as a list.

A. a list of events
B. transactions
C. statistical values

Answer: C
Explanation:

Question: 68
Clicking a SEGMENT on a chart, ______.

A. drills down for that value
B. highlights the field value across the chart
C. adds the highlighted value to the search criteria

Answer: C
Explanation:

Question: 69
Use this command to use lookup fields in a search and see the lookup fields in the field sidebar.

A. inputlookup
B. lookup

Answer: B
Explanation:

Question: 70
Lookups can be private for a user.

A. True
B. False

Answer: A
Explanation:

Question: 71
In automatic lookup definitions, the ______ fields are those that are not in the event data.

A. input
B. output

Answer: B
Explanation:

Question: 72
What is the correct order of steps for creating a new lookup?

1. Configure the lookup to run automatically
2. Create the lookup table
3. Define the lookup

A. 2, 1, 3
B. 1, 2, 3
C. 2, 3, 1
D. 3, 2, 1

Answer: C
Explanation:

Question: 73
The command shown here does which of the following: Command: |outputlookup products.csv

A. Writes search results to a file named products.csv
B. Returns the contents of a file named products.csv

Answer: A
Explanation:

Question: 74
Which of the following are not true about lookups? (Select all that apply.)

A. Lookups can be time based
B. Search results can be used to populate a lookup table
C. Splunk DB Connect can be used to populate a lookup table from relational databases
D. Output from a script can be used to populate a lookup table
E. Lookups have a 10mg maximum size limit

Answer: E
Explanation:

Question: 75