SPLUNK CERTIFICATION EXAM
QUESTIONS AND ANSWERS
What does the time range picker do? - Answer- Allow search by preset times, relative
times. Real time (earliest, latest), date range. Retrieve events over a specific time
period.
Limiting search by ___________ is key to faster results and is a best practice - Answer-
time
The time range picker is set to _________ by default. - Answer- All-time
Search jobs are available after ____ minutes by default. - Answer- 10
________ commands create statistics and visualizations. - Answer- Transforming
________ tab is default tab for searches - Answer- Event
What are the three main search modes? - Answer- Fast, Verbose, and Smart
_______ mode discovery off for event searches. No event or field data for stats
searches. - Answer- Fast
______ mode all events and field data; switches to this mode after visualization -
Answer- Verbose
______ mode (default-based on search string data). Field discovery ON for event
searches. No event or field data for stats searches. - Answer- Smart
This search action button "Job V" does what? - Answer- Edit job settings, send job to
background, inspect and delete job.
This command displays results in ascending or descending order. - Answer- Sort
This command combine fields from external sources to searched events, based on
event field - Answer- Lookup
This command produces statistics of a search result - Answer- Stats command
, This command shows number of events matching search criteria - Answer- Stats count
This command is the sum of numerical value - Answer- Stats Sum command
5 Main components of Splunk ES - Answer- Index Data, Search & investigate, Add
knowledge, Monitor & Alert, Report & Analyze.
What does index data do? (3) - Answer- 1. Collects data
2. Label data with source type
3. Stored in splunk index
Three main roles in splunk? (3) - Answer- Admin, Power, User
An admin does what? - Answer- Install apps, create knowledge objects for all users
(what apps a user will see by default)
A power user does what? - Answer- Creates and shares knowledge objects for users of
app, real-time searches
A Splunk user does what? - Answer- Only see own knowledge objects and those
shared to them.
Apps in Splunk? - Answer- 1. Pre-built dashboards, reports, alerts and workflows
2. In-depth data analysis for power users
3. Search & Reporting
What does the search and reporting app do in splunk? - Answer- Creates knowledge
objects, reports, and dashboards
The seven main components in splunk searching and reporting? - Answer- 1. Splunk
bar
2. App bar
3. Search bar
4. Time range picker
5. How to search panel
6. What to search panel
7. Search History
Saved searches are set to ______ by default. - Answer- private
Timestamp seen in events is based on______setting in user account profile - Answer-
time zone
List the three booleans - Answer- AND OR NOT
________boolean is used if none is implied. - Answer- AND
QUESTIONS AND ANSWERS
What does the time range picker do? - Answer- Allow search by preset times, relative
times. Real time (earliest, latest), date range. Retrieve events over a specific time
period.
Limiting search by ___________ is key to faster results and is a best practice - Answer-
time
The time range picker is set to _________ by default. - Answer- All-time
Search jobs are available after ____ minutes by default. - Answer- 10
________ commands create statistics and visualizations. - Answer- Transforming
________ tab is default tab for searches - Answer- Event
What are the three main search modes? - Answer- Fast, Verbose, and Smart
_______ mode discovery off for event searches. No event or field data for stats
searches. - Answer- Fast
______ mode all events and field data; switches to this mode after visualization -
Answer- Verbose
______ mode (default-based on search string data). Field discovery ON for event
searches. No event or field data for stats searches. - Answer- Smart
This search action button "Job V" does what? - Answer- Edit job settings, send job to
background, inspect and delete job.
This command displays results in ascending or descending order. - Answer- Sort
This command combine fields from external sources to searched events, based on
event field - Answer- Lookup
This command produces statistics of a search result - Answer- Stats command
, This command shows number of events matching search criteria - Answer- Stats count
This command is the sum of numerical value - Answer- Stats Sum command
5 Main components of Splunk ES - Answer- Index Data, Search & investigate, Add
knowledge, Monitor & Alert, Report & Analyze.
What does index data do? (3) - Answer- 1. Collects data
2. Label data with source type
3. Stored in splunk index
Three main roles in splunk? (3) - Answer- Admin, Power, User
An admin does what? - Answer- Install apps, create knowledge objects for all users
(what apps a user will see by default)
A power user does what? - Answer- Creates and shares knowledge objects for users of
app, real-time searches
A Splunk user does what? - Answer- Only see own knowledge objects and those
shared to them.
Apps in Splunk? - Answer- 1. Pre-built dashboards, reports, alerts and workflows
2. In-depth data analysis for power users
3. Search & Reporting
What does the search and reporting app do in splunk? - Answer- Creates knowledge
objects, reports, and dashboards
The seven main components in splunk searching and reporting? - Answer- 1. Splunk
bar
2. App bar
3. Search bar
4. Time range picker
5. How to search panel
6. What to search panel
7. Search History
Saved searches are set to ______ by default. - Answer- private
Timestamp seen in events is based on______setting in user account profile - Answer-
time zone
List the three booleans - Answer- AND OR NOT
________boolean is used if none is implied. - Answer- AND
