Splunk Training Exam Questions: Free Study Set
Actual questions and answers with expert-verified explanations.
This exam set contains:
- guaranteed passing score
- 86 questions and answers
- multiple-choice format
- expert-verified explanations
Question 1: Which eval function is the best option for masking data?
- case
- replace
- isnotnull
- validate
Answer:
replace

Question 2: Which knowledge object type can be searched in Pivot?
- event types
- data types
- data models
- dashboards
Answer:
data models
Question 3: What determines the timestamp shown on returned events in a search?
- the time zone where the event originated
- the time zone defined in the user settings
- timestamps are displayed in epoch time
- timestamps are displayed in Greenwich Mean Time
Answer:
the time zone defined in the user settings

Question 4: True or False: Using an OVER and a BY clause with the chart command will create a multiseries data series.
- True
- False
Answer:
True

Question 5: The _______ and _______ time modifiers will override the time range picker in a historical report.
- first
- last
- earliest
- latest
Answer:
latest, earliest

Question 6: In the Fields sidebar, Interesting Fields occur in at least ________ of resulting events.
- 20%
- 10%
- 3%
- 50%
Answer:
20%
Question 7: When using the top command, add the BY clause to ___.
- return results grouped by the field you specify in the BY clause
- specify which search mode to return results by
- return a percentage of events
- specify how many results to return
Answer:
return results grouped by the field you specify in the BY clause

Question 8: Which of the following searches will return results containing the terms failed, password, or failed password?
- failed password OR "failed password"
- failed OR password OR "failed password"
- fail*
- failed OR password
Answer:
failed OR password OR "failed password", failed OR password

Question 9: Which two commands, when used together, are equivalent to chart A over B by C?
Any below:
- stats A by B, C followed by commands then xyseries
- stats A by B, C followed by commands then untable
- stats A by B, C then untable
- stats A by B, C then xyseries
Answer:
stats followed by command then xyseries, stats followed by xyseries

Question 10: Which command uses a template subsearch to replace the values of specific fields?
- replace
- foreach
- eval
- none; commands only use functions to replace values, not templates or subsearches
Answer:
foreach
Question 11: What are the primary functions of a workflow action?
- communicate with an external source using HTTP GET
- pass information back to Splunk to run a secondary search
- pass information to external sources for more indexing
- communicate with an external source using HTTP POST
Answer:
communicate with an external source using HTTP GET, communicate with an external source using HTTP POST, secondary searches

Question 12: True or False: When using the eval command, all field values are treated in a case-sensitive manner and must be double-quoted.
- True
- False
Answer:
True

Question 13: Which knowledge object type can communicate with external sources using the HTTP GET and POST methods?
- workflow actions
- lookups
- field extractions
- search actions
Answer:
workflow actions

Question 14: The fields command allows you to do which of the following? Select all that apply.
- Exclude (fields -)
- Include (fields)
- Include (fields +)
Answer:
all
Question 15: By default, how long does a search job remain active?
- 10 minutes
- 30 minutes
- - hours
Answer:
10 minutes

Question 16: Which of the following functions can be used to filter NULL values?
- usenull=t
- isnull
- usenull=f
- isnotnull
Answer:
isnull, isnotnull

Question 17: Which knowledge objects can be scheduled to execute at specific times?
- Alerts
- Reports
- Macros
- Workflow actions
Answer:
alerts, reports, macros