Splunk Fundamentals 1 Exam 50 Questions with Answer 2023,100% CORRECT

Splunk Fundamentals 1 Exam 50 Questions with Answer 2023 Machine data is generated by - CORRECT ANSWER All types of system in an organization Structure of machine data - CORRECT ANSWER Unstructured Machine data makes up ___% of data accumulated by organizations - CORRECT ANSWER 90 Main way data is supplied for indexing - CORRECT ANSWER Forwarders Search requests are processed by the - CORRECT ANSWER Indexers 3 main components of splunk - CORRECT ANSWER Collect and index data Add knowledge Search and investigate Single instance deployment can handle - CORRECT ANSWER searching indexing input parsing three main processing components - CORRECT ANSWER forwarders search heads indexers search strings are sent from - CORRECT ANSWER Search Heads Which function is not a part of single instance deployment - CORRECT ANSWER Clustering The password for a new instance is - CORRECT ANSWER created when you install splunk ___ define what users can do in splunk - CORRECT ANSWER roles What roles will only see their knowledge objects and those that have been shared with them - CORRECT ANSWER User You can launch and manage apps from the home app - CORRECT ANSWER True 3 default roles - CORRECT ANSWER user admin power most prod environment user ___ for source of data input - CORRECT ANSWER forwarders this lets splunk know where to break the event, timestamp is located and how to auto create fields pairs - CORRECT ANSWER Source types How would you continually monitor files in splunk - CORRECT ANSWER Monitor Files indexed using the upload input option get indexed - CORRECT ANSWER Once splunk uses source types to categorize the type of data being indexed - CORRECT ANSWER Source Types Toggles search mode by behavior - CORRECT ANSWER Smart mode What order are events listed - CORRECT ANSWER Reverse chronological * - CORRECT ANSWER wildcard commands that create stats and visualizations are - CORRECT ANSWER transforming commands when a search is sent to splunk it becomes a - CORRECT ANSWER search job field VALUES are case sensitive - CORRECT ANSWER False Field names are - CORRECT ANSWER case sensitive Which is better inclusion or exclusion - CORRECT ANSWER inclusion Most efficient way to filter events in splunk - CORRECT ANSWER time Having separate indexes all these 3 things - CORRECT ANSWER - faster searches - multiple retention policies - ability to limit access How to round down to the nearest unit of specified time - CORRECT ANSWER @ how to remove a field from returned events - CORRECT ANSWER fields - command to remove duplicate field values - CORRECT ANSWER dedup excluding fields will benefit performance - CORRECT ANSWER false rename a field - CORRECT ANSWER rename as "NEW NAME" how many results are shown by default with top or rare command - CORRECT ANSWER 10 What type of search values need to be returned to view the results as a chart - CORRECT ANSWER Statistical values charts are based on - CORRECT ANSWER numbers, time or location time range picker in dashboard will only work on panels that include a ___ search - CORRECT ANSWER inline data models are made up of - CORRECT ANSWER datasets the instant pivot button is displayed in the statistics and visualization tabs when a ___ search is run - CORRECT ANSWER non-transforming Pivots can be saved a report panels - CORRECT ANSWER false pivots can be saved as dashboard panels - CORRECT ANSWER true adding child data model objects is like the ___ boolean in the splunk search language - CORRECT ANSWER AND command to display data from lookup file - CORRECT ANSWER inputlookup http_ external data used by lookup can come from sources like - CORRECT ANSWER - csv files - scripts - geospatial to keep from overwriting existing fields with your lookup you can use the ___ clause - CORRECT ANSWER outputnew alert is action triggered by a - CORRECT ANSWER saved search alerts can be shared to all apps - CORRECT ANSWER true alerts can run uploaded scripts - CORRECT ANSWER true