SPLK-1001 Splunk Exam Questions and Free Practice Test

Which of the following is a Splunk search best practice?
Splunk Core Certified User

A. Filter as early as possible.

B. Never specify more than one index.

C. Include as few search terms as possible.

D. Use wildcards to return more search results.

Correct Answer:A

Which of the following searches will return results where fail, 400, and error exist in every event?

A. error AND (fail AND 400)

B. error OR (fail and 400)

C. error AND (fail OR 400)

D. error OR fail OR 400

Correct Answer:C

What can be configured using the Edit Job Settings menu?

A. Export the result to CSV format.

B. Add the Job results to a dashboard.

C. Schedule the Job to re-run in 10 minutes.

D. Change Job Lifetime from 10 minutes to 7 days.

Correct Answer:B

Which search matches the events containing the terms “error” and “fail”?

A. index=security Error Fail

B. index=security error OR fail

C. index=security “error failure”

D. index=security NOT error NOT fail

Correct Answer:B

Which events will be returned by the following search string?
host=www3 status=503

A. All events that either have a host of www3 or a status of 503.

B. All events with a host of www3 that also have a status of 503.

C. We need more information; we cannot tell without knowing the time range.

D. We need more information; a search cannot be run without specifying an index.

Correct Answer:B

What can be included in the All Fields option in the sidebar?

A. Dashboards

B. Metadata only

C. Non-interesting fields

D. Field descriptions

Correct Answer:D

START SPLK-1001 EXAM