Our pass rate is as high as 98.9%, and the similarity between our SPLK-1001 study guide and the real exam is 90%, based on our seven years of teaching experience. Do you want to pass the Splunk SPLK-1001 exam in just one try? Try the latest Splunk SPLK-1001 practice questions and answers first.

Check SPLK-1001 free dumps before getting the full version:

NEW QUESTION 1
What is a primary function of a scheduled report?

  • A. Auto-detect changes in performance.
  • B. Auto-generated PDF reports of overall data trends.
  • C. Regularly scheduled archiving to keep disk space use low.
  • D. Triggering an alert in your Splunk instance when certain conditions are met.

Answer: D

NEW QUESTION 2
How do you add or remove fields from search results?

  • A. Use field + to add and field - to remove.
  • B. Use table + to add and table - to remove.
  • C. Use fields + to add and fields - to remove.
  • D. Use fields Plus to add and fields Minus to remove.

Answer: C

NEW QUESTION 3
What is the main requirement for creating visualizations using the Splunk UI?

  • A. Your search must transform event data into Excel file format first.
  • B. Your search must transform event data into XML formatted data first.
  • C. Your search must transform event data into statistical data tables first.
  • D. Your search must transform event data into JSON formatted data first.

Answer: B

NEW QUESTION 4
In the Monitor option, you can select the following options in the GUI.

  • A. Only HTTP Event Collector (HEC) and TCP/UDP
  • B. None of the above
  • C. Only TCP/UDP
  • D. Only Scripts
  • E. Files & Directories, HTTP Event Collector (HEC), TCP/UDP and Scripts

Answer: E

NEW QUESTION 5
Log filtering/parsing can be done from _____.

  • A. Index Forwarders (IF)
  • B. Universal Forwarders (UF)
  • C. Super Forwarder (SF)
  • D. Heavy Forwarders (HF)

Answer: D

NEW QUESTION 6
When a Splunk search generates calculated data that appears in the Statistics tab, in what formats can the results be exported?

  • A. CSV, JSON, PDF
  • B. CSV, XML, JSON
  • C. Raw Events, XML, JSON
  • D. Raw Events, CSV, XML, JSON

Answer: B

NEW QUESTION 7
The Upload option creates inputs.conf.

  • A. Yes
  • B. No

Answer: B

NEW QUESTION 8
After running a search, what effect does clicking and dragging across the timeline have?

  • A. Executes a new search.
  • B. Filters current search results.
  • C. Moves to past or future events.
  • D. Expands the time range of the search.

Answer: C

NEW QUESTION 9
Splunk Enterprise is used as a scalable service in Splunk Cloud.

  • A. True
  • B. False

Answer: A

NEW QUESTION 10
How does Splunk determine which fields to extract from data?

  • A. Splunk only extracts the most interesting data from the last 24 hours.
  • B. Splunk only extracts fields users have manually specified in their data.
  • C. Splunk automatically extracts any fields that generate interesting visualizations.
  • D. Splunk automatically discovers many fields based on sourcetype and key/value pairs found in the data.

Answer: D

NEW QUESTION 11
When looking at a dashboard panel that is based on a report, which of the following is true?

  • A. You can modify the search string in the panel, and you can change and configure the visualization.
  • B. You can modify the search string in the panel, but you cannot change and configure the visualization.
  • C. You cannot modify the search string in the panel, but you can change and configure the visualization.
  • D. You cannot modify the search string in the panel, and you cannot change and configure the visualization.

Answer: C

NEW QUESTION 12
You can view the search results in the following formats (Choose three.):

  • A. Table
  • B. Raw
  • C. Pie Chart
  • D. List

Answer: ABD

NEW QUESTION 13
What is the purpose of using a by clause with the stats command?

  • A. To group the results by one or more fields.
  • B. To compute numerical statistics on each field.
  • C. To specify how the values in a list are delimited.
  • D. To partition the input data based on the split-by fields.

Answer: A

NEW QUESTION 14
How can another user gain access to a saved report?

  • A. The owner of the report can edit permissions from the Edit dropdown.
  • B. Only users with an Admin or Power User role can access other users’ reports.
  • C. Anyone can access any reports marked as public within a shared Splunk deployment.
  • D. The owner of the report must clone the original report and save it to their user account.

Answer: A

NEW QUESTION 15
The Data Summary button just below the search bar gives you the following (Choose three.):

  • A. Hosts
  • B. Sourcetypes
  • C. Sources
  • D. Indexes

Answer: ABC

NEW QUESTION 16
Which of the following is true about user account settings and preferences?

  • A. Search & Reporting is the only app that can be set as the default application.
  • B. Full names can only be changed by accounts with a Power User or Admin role.
  • C. Time zones are automatically updated based on the setting of the computer accessing Splunk.
  • D. Full name, time zone, and default app can be defined by clicking the login name in the Splunk bar.

Answer: B

NEW QUESTION 17
Which of the following statements are correct about HF? (Choose three.)

  • A. Parsing
  • B. Masking
  • C. Searching
  • D. Forwarding

Answer: ABD

NEW QUESTION 18
What syntax is used to link key/value pairs in search strings?

  • A. action+purchase
  • B. action=purchase
  • C. action | purchase
  • D. action equal purchase

Answer: B

NEW QUESTION 19
What happens when a field is added to the Selected Fields list in the fields sidebar?

  • A. Splunk will re-run the search job in Verbose Mode to prioritize the new Selected Field.
  • B. Splunk will highlight related fields as a suggestion to add them to the Selected Fields list.
  • C. Custom selections will replace the Interesting Fields that Splunk populated into the list at search time.
  • D. The selected field and its corresponding values will appear underneath the events in the search results.

Answer: D

NEW QUESTION 20
Matching search terms are highlighted.

  • A. Yes
  • B. No

Answer: A

NEW QUESTION 21
......

Recommend!! Get the Full SPLK-1001 dumps in VCE and PDF From Exambible, Welcome to Download: https://www.exambible.com/SPLK-1001-exam/ (New 226 Q&As Version)