SPLK-1001 Practice Test

Which statement is true about Splunk alerts?

 

1. Alerts are based on searches that are either run on a scheduled interval or in real-time. B. Alerts are based on searches and when triggered will only send an email notification.
2. Alerts are based on searches and require cron to run on scheduled interval. D. Alerts are based on searches that are run exclusively as real-time.

 

A.

Alerts are based on searches that are either run on a scheduled interval or in real-time

B.

Alerts are based on searches that are either run on a scheduled interval or in real-time.

C.

Alerts are based on searches and when triggered will only send an email notification.

 

D.

Alerts are based on searches and require cron to run on scheduled interval. 

E.

Alerts are based on searches that are run exclusively as real-time

What can be configured using the Edit Job Settings menu?

 

 

A.

Export the results to CSV format

 

B.

Add the Job results to a dashboard

 

C.

Schedule the Job to re-run in 10 minutes

 

D.

Change Job Lifetime from 10 minutes to 7 days.

 

Which command is used to validate a lookup file?

 

 

A.

| lookup products.csv

 

B.

inputlookup products.csv

 

C.

I inputlookup products.csv

 

D.

lookup definition products.csv

Which stats command function provides a count of how many unique values exist for a given field in the result set?

 

A.

dc(field)

B.

count(field)

C.

count-by(field)

D.

distinct-count(field)

 

What user interface component allows for time selection?

A.

Time summary

 

B.

Time range picker

 

C.

Search time picker

 

D.

Data source time statistics