SPLK-1001 Practice Test

When displaying results of a search, which of the following is true about line charts?

A.

Line charts are optimal for single and multiple series.

 

B.

Line charts are optimal for single series when using Fast mode.

C.

Line charts are optimal for multiple series with 3 or more columns.

D.

Line charts are optimal for multiseries searches with at least 2 or more columns.

A collection of items containing  things such as data inputs, UI elements,  and knowledge objects is known as what?

 

1.  

A.

An app

B.

JSON

C.

A role

D.

An enhanced solution

Which of the following fields is stored with the events in the index?

 

 

A.

user

 

B.

source

C.

location 

D.

sourcelp

Which of the following is the recommended way to create multiple dashboards displaying data from the same search?

 

 

A.

Save the search as a report and use it in multiple dashboards as needed

 

B.

Save the search as a dashboard panel for each dashboard that needs the data

 

C.

Export the results of the search to an XML file and use the file as the basis of the dashboards

What must be done in order to use a lookup table in Splunk?

 

 

A.

The lookup must be configured to run automatically.

 

B.

The contents of the lookup file must be copied and pasted into the search bar.

 

C.

The lookup file must be uploaded to Splunk and a lookup definition must be created.

 

D.

The lookup file must be uploaded to the etc/apps/lookups folder for automatic ingestion.