SPLK-1001 Practice Test Questions

244 Questions


When editing a dashboard, which of the following are possible options? (select all that apply)

A. Add an output.
B. Export a dashboard panel.
C. Modify the chart type displayed in a dashboard panel.
D. Drag a dashboard panel to a different location on the dashboard.

C. Modify the chart type displayed in a dashboard panel.

Which of the following index searches would provide the most efficient search performance?

A. index=*
B. index=web OR index=s*
C. (index=web OR index=sales)
D. *index=sales AND index=web

A. index=*

At index time, in which field does Splunk store the timestamp value?

A. time
B. EventTime
C. timestamp

B. EventTime

Which statement is true about the top command?

A. It returns the top 10 results
B. It displays the output in table format
C. It returns the count and percent columns per row
D. All of the above

D. All of the above

What determines the scope of data that appears in a scheduled report? A. All data accessible to the User role will appear in the report.

A. All data accessible to the owner of the report will appear in the report.
B. All data accessible to all users will appear in the report until the next time the report is run.
C. The owner of the report can configure permissions so that the report uses either the User role or the owner’s profile at run time.
D. All of the above

D. All of the above

What determines the scope of data that appears in a scheduled report?

A. All data accessible to the User role will appear in the report.
B. All data accessible to the owner of the report will appear in the report.
C. All data accessible to all users will appear in the report until the next time the report is run.
D. The owner of the report can configure permissions so that the report uses either the User role or the owner’s profile at run time

D. The owner of the report can configure permissions so that the report uses either the User role or the owner’s profile at run time

What is the main requirement for creating visualizations using the Splunk UI?

A. Your search must transform event data into Excel file format first.
B. Your search must transform event data into XML formatted data first.
C. Your search must transform event data into statistical data tables first.
D. Your search must transform event data into JSON formatted data first.

D. Your search must transform event data into JSON formatted data first.

How can another user gain access to a saved report?

A. The owner of the report can edit permissions from the Edit dropdown
B. Only users with an Admin or Power User role can access other users' reports
C. Anyone can access any reports marked as public within a shared Splunk deployment
D. The owner of the report must clone the original report and save it to their user account

A. The owner of the report can edit permissions from the Edit dropdown

What is the primary use for the rare command?

A. To sort field values in descending order
B. To return only fields containing five or fewer values
C. To find the least common values of a field in a dataset
D. To find the fields with the fewest number of values across a dataset

B. To return only fields containing five or fewer values

What happens when a field is added to the Selected Fields list in the fields sidebar?

A. Splunk will re-run the search job in Verbose Mode to prioritize the new Selected Fi
B. Splunk will highlight related fields as a suggestion to add them to the Selected Fields list.
C. Custom selections will replace the Interesting Fields that Splunk populated into the list at search time
D. The selected field and its corresponding values will appear underneath the events in the search results

A. Splunk will re-run the search job in Verbose Mode to prioritize the new Selected Fi

By default, which of the following is a Selected Field?

A. action
B. clientip
C. categoryId
D. sourcetype

C. categoryId

According to Splunk best practices, which placement of the wildcard results in the most efficient search?

A. f*il
B. *fail
C. fail*
D. 'fail

D. 'fail
