SPLK-1001 Exam Questions - Online Test



It is faster and easier to pass the Splunk SPLK-1001 exam by using 100% Guarantee Splunk Core Certified User exam questions and answers. Get immediate access to the Renovate SPLK-1001 exam and find the same core-area SPLK-1001 questions with professionally verified answers, then pass your exam with a high score.

Free SPLK-1001 dumps questions are also available:

NEW QUESTION 1
Which command is used to review the contents of a specified static lookup file?

  • A. lookup
  • B. csvlookup
  • C. inputlookup
  • D. outputlookup

Answer: C

NEW QUESTION 2
What must be done in order to use a lookup table in Splunk?

  • A. The lookup must be configured to run automatically.
  • B. The contents of the lookup file must be copied and pasted into the search bar.
  • C. The lookup file must be uploaded to Splunk and a lookup definition must be created.
  • D. The lookup file must be uploaded to the etc/apps/lookups folder for automatic ingestion.

Answer: C

NEW QUESTION 3
The default host name used in Inputs general settings cannot be changed.

  • A. False
  • B. True

Answer: A

NEW QUESTION 4
What is the primary function of the timeline located under the search bar?

  • A. To differentiate between structured and unstructured events in the data.
  • B. To sort the events returned by the search command in chronological order.
  • C. To zoom in and zoom out, although this does not change the scale of the chart.
  • D. To show peaks and/or valleys in the timeline, which can indicate spikes in activity or downtime.

Answer: D

NEW QUESTION 5
You can on-board data to Splunk using the following means (Choose four.):

  • A. Props
  • B. CLI
  • C. Splunk Web
  • D. savedsearches.conf
  • E. Splunk apps and add-ons
  • F. indexes.conf
  • G. inputs.conf
  • H. metadata.conf

Answer: BCEG

NEW QUESTION 6
In the fields sidebar, which character denotes alphanumeric field values?

  • A. #
  • B. %
  • C. a
  • D. a#

Answer: B

NEW QUESTION 7
What is the purpose of using a by clause with the stats command?

  • A. To group the results by one or more fields.
  • B. To compute numerical statistics on each field.
  • C. To specify how the values in a list are delimited.
  • D. To partition the input data based on the split-by fields.

Answer: A

NEW QUESTION 8
What happens when a field is added to the Selected Fields list in the fields sidebar?

  • A. Splunk will re-run the search job in Verbose Mode to prioritize the new Selected Field.
  • B. Splunk will highlight related fields as a suggestion to add them to the Selected Fields list.
  • C. Custom selections will replace the Interesting Fields that Splunk populated into the list at search time.
  • D. The selected field and its corresponding values will appear underneath the events in the search results.

Answer: D

NEW QUESTION 9
What is the primary use for the rare command?

  • A. To sort field values in descending order.
  • B. To return only fields containing five or fewer values.
  • C. To find the least common values of a field in a dataset.
  • D. To find the fields with the fewest number of values across a dataset.

Answer: C

NEW QUESTION 10
Which of the following is the most efficient filter for running searches in Splunk?

  • A. Time
  • B. Fast mode
  • C. Sourcetype
  • D. Selected Fields

Answer: C

NEW QUESTION 11
What result will you get with the following search: index=test sourcetype="The_Questionnaire_P*"?

  • A. the_questionnaire _pedia
  • B. the_questionnaire pedia
  • C. the_questionnaire_pedia
  • D. the_questionnaire Pedia

Answer: C

NEW QUESTION 12
Upload option creates inputs.conf

  • A. Yes
  • B. No

Answer: B

NEW QUESTION 13
When viewing the results of a search, what is an Interesting Field?

  • A. A field that appears in any event.
  • B. A field that appears in every event.
  • C. A field that appears in the top 10 events.
  • D. A field that appears in at least 20% of the events.

Answer: D

NEW QUESTION 14
Which of the following is the recommended way to create multiple dashboards displaying data from the same search?

  • A. Save the search as a report and use it in multiple dashboards as needed.
  • B. Save the search as a dashboard panel for each dashboard that needs the data.
  • C. Save the search as a scheduled alert and use it in multiple dashboards as needed.
  • D. Export the results of the search to an XML file and use the file as the basis of the dashboards.

Answer: D

NEW QUESTION 15
How can another user gain access to a saved report?

  • A. The owner of the report can edit permissions from the Edit dropdown.
  • B. Only users with an Admin or Power User role can access other users’ reports.
  • C. Anyone can access any reports marked as public within a shared Splunk deployment.
  • D. The owner of the report must clone the original report and save it to their user account.

Answer: A

NEW QUESTION 16
What options do you get after selecting the timeline? (Choose four.)

  • A. Zoom to selection
  • B. Format Timeline
  • C. Deselect
  • D. Delete
  • E. Zoom Out

Answer: ABCE

NEW QUESTION 17
Select the correct options that apply to index-time processing (Choose three.).

  • A. Indexing
  • B. Searching
  • C. Parsing
  • D. Settings
  • E. Input

Answer: ACE

NEW QUESTION 18
All components are installed and administered in Splunk Enterprise on-premise.

  • A. Mastered
  • B. Not Mastered

Answer: A

Explanation/Reference:
B. False

NEW QUESTION 19
Which symbol is used to snap the time?

  • A. @
  • B. &
  • C. *
  • D. #

Answer: A

NEW QUESTION 20
Splunk index time process can be broken down into _____ phases.

  • A. 3
  • B. 2
  • C. 4
  • D. 1

Answer: A
