Splunk Core Certified User SPLK-1001 Book

Splunk Core Certified User Exam Questions and Answers

Question 33

In the fields sidebar, what indicates that a field is numeric?

A number to the right of the field name.

A # symbol to the left of the field name.

A lowercase n to the left of the field name.

A lowercase n to the right of the field name.

Question 34

Select the best options for "search best practices" in Splunk:

(Choose five.)

Select the time range always.

Try to specify index values.

Include as many search terms as possible.

Never select time range.

Try to use * with every search term.

Inclusion is generally better than exclusion.

Try to keep specific search terms.

Question 35

What is one benefit of creating dashboard panels from reports?

Any newly created dashboard will include that report.

There are no benefits to creating dashboard panels from reports.

It makes the dashboard more efficient because it only has to run one search string.

Any change to the underlying report will affect every dashboard that utilizes that report.

Question 36

How can search results be kept longer than 7 days?

By scheduling a report.

By creating a link to the job.

By changing the job settings.

By changing the time range picker to more than 7 days.