Splunk Core Certified Power User Exam Answered

Splunk Core Certified Power User Exam Answered Which of the following searches will return results containing the words fail, failure, or failed? -fail* -fail+ -*fail -fail - Answer- -fail* By default, which of the following roles are required to share knowledge objects? -Power -User -Admin -Manager - Answer- -Power -Admin By default, who is able to view a saved report? -The user who created it -Any user with a power or admin role -Any user with the viewreports capability -Any user with a power or admin role - Answer- -The user who created it Which of the following booleans can be used in a search? -NOT -OR -AND -ALSO - Answer- -NOT -OR -AND Which character is used in a search before a command?} A pipe (|) A backtick (`) A tilde (~) A quotation mark (") - Answer- A pipe (|) When a search is run, in what order are events returned? -Chronological order -Alphanumeric order -Reverse alphanumeric order -Reverse chronological order - Answer- -Reverse chronological order Which of the following searches will return results containing the phrase "failed password"? -(failed password) -failed password -"failed password" -`failed password` - Answer- -"failed password" Which command can be used to further filter results in a search? -subset -filter -subsearch -search - Answer- -search Which Splunk infrastructure component stores ingested data? -Data models -Index -Datasets -Dashboards - Answer- -Index By default, how long does a search job remain active? -10 minutes -30 minutes -7 days - Answer- -10 minutes Which search mode behaves differently depending on the type of search being run? -Fast -Verbose -Smart -Variable - Answer- -Smart Which of the following searches will return results containing the terms failed, password, or failed password? -failed OR password OR "failed password" -failed password OR "failed password" -fail* -failed OR password - Answer- -failed OR password OR "failed password" -failed OR password What are the default roles in Splunk Enterprise? -Admin -User -Manager -Power - Answer- -Admin -User -Power What determines the timestamp shown on returned events in a search? -Timestamps are displayed in Greenwich Mean Time -Timestamps are displayed in epoch time -The time zone where the event originated -The time zone defined in user settings - Answer- -The time zone defined in user settings What is the most efficient way to limit search results returned? -time -index -host -source - Answer- -time At search time, _______ extracts fields from raw event data. -field discovery -field extractor -fields command - Answer- -field discovery Which of the following fields are default selected fields? -source -sourcetype -host -Index - Answer- -source -sourcetype -host At search time, if an event has an equal(=) sign, the data to the left is treated as a ______ and the data to the right is treated as a ______. -lookup, value -field name, sourcetype -lookup, sourcetype -field name, value - Answer- -field name, value True or False: Once you rename a field, the new field name must be used in the rest of the search string. - Answer- TRUE True or False: Fields are knowledge objects. - Answer- TRUE To remove fields from a search, you would use the _________ command. +fields fields- fields+ -fields - Answer- fields- The fields command allows you to do which of the following? Select all that apply. -Exclude fields (fields -) -Include fields (fields +) -Include fields (fields) - Answer- -Exclude fields (fields -) -Include fields (fields +) -Include fields (fields) In the Fields sidebar, Interesting Fields occur in at least ________ of resulting events. -10% -3% -20% -50% - Answer- -20% When using the following search arguments, what will be returned? | timechart count span=1h -events with a duration of 1 hour -events in the last 24 hours -chart of events in 1 hour chunks - Answer- -chart of events in 1 hour chunks What will the strftime function return when using the %H argument with the _time field? -convert the hour into your local time based on your time zone setting of your Splunk web sessions -time of raw event in UTC -hour of the event generated at index time - Answer- -convert the hour into your local time based on your time zone setting of your Splunk web sessions The _______ and _______ time modifiers will override the time range picker in a historical report. -earliest -latest -last -first - Answer- -earliest -latest Which of the following are default time fields? Select all that apply. -date_day -date_mday -date_hour -Date_year - Answer- -date_mday -date_hour -Date_year True or False: @timeUnit will always round up and go forward through time. - Answer- FALSE Choose the search that will sort events into one minute groups. Select all that apply. -| bin _time span=1m -| bin span=1minutes -| bin span=1minute -| bin _time span=1mins - Answer- -| bin _time span=1m -| bin _time span=1mins