NEW QUESTION 1
Which command is used to review the contents of a specified static lookup file?

• A. lookup
• B. csvlookup
• C. inputlookup
• D. outputlookup

Answer: C

NEW QUESTION 2
When a Splunk search generates calculated data that appears in the Statistics tab, in what formats can the results be exported?

• A. CSV, JSON, PDF
• B. CSV, XML, JSON
• C. Raw Events, XML, JSON
• D. Raw Events, CSV, XML, JSON

Answer: B

NEW QUESTION 3
What can be configured using the Edit Job Settings menu?

• A. Export the result to CSV format.
• B. Add the Job results to a dashboard.
• C. Schedule the Job to re-run in 10 minutes.
• D. Change Job Lifetime from 10 minutes to 7 days.

Answer: B

NEW QUESTION 4
Data sources being opened and read applies to:

• A. None of the above
• B. Indexing Phase
• C. Parsing Phase
• D. Input Phase
• E. License Metering

Answer: D

NEW QUESTION 5
Which is the default app for Splunk Enterprise?

• A. Splunk Enterprise Security Suite
• B. Searching and Reporting
• C. Reporting and Searching
• D. Splunk apps for Security

Answer: B

NEW QUESTION 6
Splunk Enterprise is used as a Scalable service in Splunk Cloud.

• A. True
• B. False

Answer: A

NEW QUESTION 7
Which component of Splunk let us write SPL query to find the required data?

• A. Forwarders
• B. Indexer
• C. Heavy Forwarders
• D. Search head

Answer: D

NEW QUESTION 8
What does the values function of the stats command do?

• A. Lists all values of a given field.
• B. Lists unique values of a given field.
• C. Returns a count of unique values for a given field.
• D. Returns the number of events that match the search.

Answer: C

NEW QUESTION 9
All components are installed and administered in Splunk Enterprise on-premise.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
Explanation/Reference:
B. False
Answer:

NEW QUESTION 10
What can be included in the All Fields option in the sidebar?

• A. Dashboards
• B. Metadata only
• C. Non-interesting fields
• D. Field descriptions

Answer: D

NEW QUESTION 11
Matching search terms are highlighted.

• A. Yes
• B. No

Answer: A

NEW QUESTION 12
When viewing the results of a search, what is an Interesting Field?

• A. A field that appears in any event.
• B. A field that appears in every event.
• C. A field that appears in the top 10 events.
• D. A field that appears in at least 20% of the events.

Answer: D

NEW QUESTION 13
Which of the following is the recommended way to create multiple dashboards displaying data from the same search?

• A. Save the search as a report and use it in multiple dashboards as needed.
• B. Save the search as a dashboard panel for each dashboard that needs the data.
• C. Save the search as a scheduled alert and use it in multiple dashboards as needed.
• D. Export the results of the search to an XML file and use the file as the basis of the dashboards.

Answer: D

NEW QUESTION 14
Which symbol is used to snap the time?

• A. @
• B. &
• C. *
• D. #

Answer: A

NEW QUESTION 15
Three basic components of Splunk are (Choose three.):

• A. Forwarders
• B. Deployment Server
• C. Indexer
• D. Knowledge Objects
• E. Index
• F. Search Head

Answer: ACF

NEW QUESTION 16
Which of the following is a best practice when writing a search string?

• A. Include all formatting commands before any search terms.
• B. Include at least one function as this is a search requirement.
• C. Include the search terms at the beginning of the search string.
• D. Avoid using formatting clauses, as they add too much overhead.

Answer: D

NEW QUESTION 17
When looking at a dashboard panel that is based on a report, which of the following is true?

• A. You can modify the search string in the panel, and you can change and configure the visualization.
• B. You can modify the search string in the panel, but you cannot change and configure the visualization.
• C. You cannot modify the search string in the panel, but you can change and configure the visualization.
• D. You cannot modify the search string in the panel, and you cannot change and configure the visualization.

Answer: C

NEW QUESTION 18
What does the stats command do?

• A. Automatically correlates related fields.
• B. Converts field values into numerical values.
• C. Calculates statistics on data that matches the search criteria.
• D. Analyzes numerical fields for their ability to predict another discrete field.

Answer: C

NEW QUESTION 19
What must be done in order to use a lookup table in Splunk?

• A. The lookup must be configured to run automatically.
• B. The contents of the lookup file must be copied and pasted into the search bar.
• C. The lookup file must be uploaded to Splunk and a lookup definition must be created.
• D. The lookup file must be uploaded to the etc/apps/lookups folder for automatic ingestion.

Answer: C

NEW QUESTION 20
Which is primary function of the timeline located under the search bar?

• A. To differentiate between structured and unstructured events in the data.
• B. To sort the events returned by the search command in chronological order.
• C. To zoom in and zoom out, although this does not change the scale of the chart.
• D. To show peaks and/or valleys in the timeline, which can indicate spikes in activity or downtime.

Answer: D

NEW QUESTION 21
What is the primary use for the rare command?

• A. To sort field values in descending order.
• B. To return only fields containing five of fewer values.
• C. To find the least common values of a field in a dataset.
• D. To find the fields with the fewest number of values across a dataset.

Answer: C

NEW QUESTION 22
What is a primary function of a scheduled report?

• A. Auto-detect changes in performance.
• B. Auto-generated PDF reports of overall data trends.
• C. Regularly scheduled archiving to keep disk space use low.
• D. Triggering an alert in your Splunk instance when certain conditions are met.

Answer: D

NEW QUESTION 23
Portal for Splunk apps can be accessed through www.splunkbase.com

• A. False
• B. True

Answer: B

NEW QUESTION 24
You can view the search result in following format (Choose three.):

• A. Table
• B. Raw
• C. Pie Chart
• D. List

Answer: ABD

NEW QUESTION 25
......