QUESTIONS AND CORRECT
DETAILED ANSWERS|ALREADY
GRADED A+
"#" denotes what type of string value? - Answer- numerical.
"@" is used in a time range search to do what function? - Answer- It is used to round
down to the nearest unit of specified time.
"a" denotes which type of field value? - Answer- A string value.
A shared search job will remain active for how long? - Answer- 7 days.
After "Time" the most powerful types of filters for searching are what? - Answer- Index,
Source, Host, Source type.
Are lookup field values case sensitive by default? - Answer- Yes, in a lookup they are
(but field values in a search are not).
Boolean components of a search are displayed in which color? - Answer- Orange.
Boolean operation has an order of evaluation, what is it? - Answer- NOT, OR, AND.
By default, a search job will remain active for how long after it is run? - Answer- 10
minutes.
Can Pivots be saved as reports or dashboard panels? - Answer- Yes.
Can you launch and manage apps from the home app? - Answer- Yes.
Command Arguments are displayed in which color? - Answer- Green.
Command components of a search are displayed in which color? - Answer- Blue.
Commands that create statistics and visuals are called what? - Answer- Transforming
Commands.
Do the "!=" (Not equal to) and the Boolean "NOT" do the same thing? - Answer- No,
they can return different results.
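Two of the rules above (the NOT, OR, AND order of evaluation and the difference between "!=" and "NOT") are easy to state and easy to get wrong in a detection search, so here is a toy evaluator that models both over constructed events. It is an added example written for this page, not Splunk code and not the Splunk search API: it parses only the Boolean part of a search string, treats bare words as substring matches on a "_raw" field, compares values case-insensitively and field names case-sensitively as a search does, and the function names (compile_search, run_search) and the sample events are this example's own.

```python
"""Toy evaluator for the Boolean part of an SPL search string.
Constructed example, NOT Splunk code.  Behaviours modelled:
  1. Operators bind in the order NOT, then OR, then AND, so
     "a=1 AND b=2 OR c=3" reads as  a=1 AND (b=2 OR c=3).
  2. "field!=value" needs the field to exist; "NOT field=value" also
     matches events where the field is missing.
Adjacent terms with no operator are an implicit AND."""
import re

TOKEN_RE = re.compile(r'\(|\)|[^\s()]+')


def make_predicate(token):
    """Turn one search term into a function event -> bool."""
    if '!=' in token:
        field, value = token.split('!=', 1)
        # Field must be present AND differ; a missing field is not a match.
        return lambda ev: field in ev and str(ev[field]).lower() != value.lower()
    if '=' in token:
        field, value = token.split('=', 1)
        # Field names are case-sensitive (dict key); values are not.
        return lambda ev: field in ev and str(ev[field]).lower() == value.lower()
    # Bare keyword: substring match on the raw event text.
    return lambda ev: token.lower() in str(ev.get('_raw', '')).lower()


class Parser:
    def __init__(self, tokens):
        self.tokens, self.pos = tokens, 0

    def peek(self):
        return self.tokens[self.pos] if self.pos < len(self.tokens) else None

    def take(self):
        self.pos += 1
        return self.tokens[self.pos - 1]

    def parse_and(self):  # lowest precedence: AND (explicit or implicit)
        left = self.parse_or()
        while self.peek() is not None and self.peek() != ')':
            if self.peek() == 'AND':
                self.take()
            right = self.parse_or()
            left = (lambda l, r: lambda ev: l(ev) and r(ev))(left, right)
        return left

    def parse_or(self):
        left = self.parse_not()
        while self.peek() == 'OR':
            self.take()
            right = self.parse_not()
            left = (lambda l, r: lambda ev: l(ev) or r(ev))(left, right)
        return left

    def parse_not(self):  # highest precedence: NOT
        if self.peek() == 'NOT':
            self.take()
            inner = self.parse_not()
            return lambda ev: not inner(ev)
        return self.parse_atom()

    def parse_atom(self):
        tok = self.take()
        if tok == '(':
            inner = self.parse_and()
            if self.take() != ')':
                raise ValueError('unbalanced parentheses')
            return inner
        return make_predicate(tok)


def compile_search(search):
    parser = Parser(TOKEN_RE.findall(search))
    pred = parser.parse_and()
    if parser.peek() is not None:
        raise ValueError('unexpected token %r' % parser.peek())
    return pred


def run_search(search, events):
    """Return the events matching the search, in input order."""
    pred = compile_search(search)
    return [ev for ev in events if pred(ev)]


# Constructed sample events (not real log data); the last one has no status field.
EVENTS = [
    {'_raw': 'GET /login 200', 'host': 'web1', 'status': 200},
    {'_raw': 'GET /admin 403', 'host': 'web1', 'status': 403},
    {'_raw': 'POST /login 500', 'host': 'web2', 'status': 500},
    {'_raw': 'heartbeat ok', 'host': 'web2'},
]

if __name__ == '__main__':
    for s in ('host=web1 AND status=403 OR status=500', 'status!=200', 'NOT status=200'):
        print('%-40s -> %s' % (s, [e['_raw'] for e in run_search(s, EVENTS)]))
```

Note what the first search returns: because OR binds tighter than AND, it is read as host=web1 AND (status=403 OR status=500) and the web2 500 event is excluded; add parentheses when you mean the other grouping. The second and third searches differ by exactly one event, the heartbeat with no status field.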
Function components of a search display in which color? - Answer- Purple.
How is the asterisk used in Splunk search language? - Answer- As a wildcard.
How many times do files get indexed using the upload input option? - Answer- Once.
How many values are shown by default when using the top or rare command? -
Answer- Ten values are shown by default.
In a search, are Field names case sensitive? - Answer- Yes.
In a search, are values case sensitive? - Answer- No.
In most Splunk Deployments what serves as the primary way data is supplied for
indexing? - Answer- Forwarders.
In Splunk search language how would you say "not equal to"? - Answer- "!="
In which search mode is field discovery disabled? - Answer- Fast.
Is machine data always structured? - Answer- No.
Is Machine data only generated by web servers? - Answer- No.
Machine data makes up more than what percentage of the data accumulated by
organizations? - Answer- 90%.
Out of those who can access the web page who can see an embedded report? -
Answer- Anyone.
Search strings are sent from where? - Answer- The Search Head.
Splunk Alerts are based on what? - Answer- Searches that run on scheduled intervals
or in real time.
The count function (as in stats count) does what? - Answer- Returns the number of events matching the search
criteria.
The rare command does what? - Answer- It shows the least common values of a
field.
To keep from overwriting existing fields with your lookup you can use which clause? -
Answer- The OUTPUTNEW clause.
What are Data Models made up of? - Answer- Datasets.
What are search requests processed by? - Answer- The Indexers.