Splunk SPLK-1001 Exam Practice Test Instant Access

Question 1

When refining search results, what is the difference in the time picker between real-time and relative time ranges?

AReal-time searches happen instantly, while relative searches happen at a scheduled time.

BReal-time searches display results from a rolling time window, while relative searches display results from a set length of time.

CReal-time searches run constantly in the background, while relative searches only run when certain criteria are met.

DReal-time represents events that have happened in a set time window, while relative will display results from a rolling time window.

Answer : B

The difference between real-time and relative time ranges in the time picker is that real-time searches display results from a rolling time window, such as the last 15 minutes, while relative searches display results from a set length of time, such as yesterday or last week. Real-time searches do not happen instantly, but rather update periodically based on the refresh interval. Relative searches do not happen at a scheduled time, but rather when the user runs them. Real-time searches do not run constantly in the background, but rather when the user starts them. Real-time searches do not represent events that have happened in a set time window, but rather events that are happening now.

Question 2

What will always appear in the Selected Fields list?

Aindex

Baction

Cclientip

Dsourcetype

Answer : D

Question 3

In the Search and Reporting app, which tab displays timecharts and bar charts?

AEvents

BPatterns

CStatistics

DVisualization

Answer : D

Explanation/Reference: Reference: https://docs.splunk.com/Documentation/Splunk/8.0.2/Search/Aboutreportingcommands

Question 4

Which of the following reports is available in the Fields window?

ATop values by time

BRare values by time

CEvents with top value fields

DEvents with rare value fields

Answer : C

Question 5

Which search will return only events containing the word ''error'' and display the results as a table that includes

the fields named action, src, and dest?

Aerror | table action, src, dest

Berror | tabular action, src, dest

Cerror | stats table action, src, dest

Derror | table column=action column=src column=dest

Answer : C

Explanation/Reference: Reference: https://docs.splunk.com/Documentation/Splunk/8.0.3/SearchReference/search

Question 6

Select the best options for "search best practices" in Splunk:

(Choose five.)

ASelect the time range always.

BTry to specify index values.

CInclude as many search terms as possible.

DNever select time range.

ETry to use * with every search term.

FInclusion is generally better than exclusion.

GTry to keep specific search terms.

Answer : A, B, C, F, G

Question 7

Will the queries following below get the same result?

1. index=log sourcetype=error_log status !=100

2. index=log sourcetype=error_log NOT status =100

AYes

BNo

Answer : B

Splunk SPLK-1001 Splunk Core Certified User Exam Practice Test