Which of the following is an option after clicking an item in search results?

A.

Saving the item to a report

B.

Adding the item to the search. 

C.

Adding the item to a dashboard 

D.

Saving the search to a JSON file.

In the Splunk interface, the list of alerts can be filtered based on which characteristics?

A.

App, Owner, Severity, and Type

B.

App, Owner, Priority, and Status

C.

App, Dashboard, Severity, and Type

D.

App, Time Window, Type, and Severity

When placed early in a search, which command is most effective at reducing search execution time?

A.

dedup

B.

rename

C.

sort -

D.

fields +

When displaying results of a search, which of the following is true about line charts?

A.

Line charts are optimal for single and multiple series.

B.

Line charts are optimal for single series when using Fast mode.

C.

Line charts are optimal for multiple series with 3 or more columns.

D.

Line charts are optimal for multiseries searches with at least 2 or more columns.

A collection of items containing  things such as data inputs, UI elements,  and knowledge objects is known as what?

A.

An app

B.

JSON

C.

A role

D.

An enhanced solution

Which of the following fields is stored with the events in the index?

A.

user

B.

source

C.

location 

D.

sourcelp

Which of the following is the recommended way to create multiple dashboards displaying data from the same search?

A.

Save the search as a report and use it in multiple dashboards as needed

B.

Save the search as a dashboard panel for each dashboard that needs the data

C.

Export the results of the search to an XML file and use the file as the basis of the dashboards

What must be done in order to use a lookup table in Splunk?

A.

The lookup must be configured to run automatically.

B.

The contents of the lookup file must be copied and pasted into the search bar.

C.

The lookup file must be uploaded to Splunk and a lookup definition must be created.

D.

The lookup file must be uploaded to the etc/apps/lookups folder for automatic ingestion.

What is a suggested Splunk best practice for naming reports?

A.

Reports are best named using many numbers so they can be more easily sorted.

B.

Use a consistent naming convention so they are easily separated by characteristics such as group and object.

C.

Name reports as uniquely as possible with no overlap to differentiate them from one another.

D.

Any naming convention is fine as long as you keep an external spreadsheet to keep track.

What does the following specified time range do?

earliest=-72h@h  latest=@d

A.

Look back 3 days ago and prior

B.

Look back 72 hours up to one day ago

C.

Look back 72 hours, up to the end of today

D.

Look back from 3 days ago up to the beginning of today

Which of the following is true about user account settings and preferences?

A.

Search & Reporting is the only app that can be set as the default application.

B.

Full names can only be changed by accounts with a Power User or Admin role.

C.

Time zones are automatically updated based on the setting of the computer accessing Splunk.

D.

Full name, time zone, and default app can be defined by clicking the login name in the Splunk bar.

Which of the following are common constraints of the top command?

A.

limit, count

B.

limit, showpercent

C.

limits, countfield

D.

showperc, countfield