
15/01/2020 Test : Splunk Core Certified User | Quizlet

NAME

Write the answer to these 5 questions

1. What are the three main methods for creating tables and visualizations in Splunk?
65 %
INCORRECT

search , pivot ,
THE ANSWER

1) Running a Report.
2) Using the Pivot interface.
3) Using the transforming commands in the search bar.

2. What search command changes the name of a field to a different specified name?

CORRECT

Rename

3. Which Splunk component supplies data to be indexed?

INCORRECT

Fowarders
THE ANSWER

Forwarders

4. Which apps ship with Splunk Enterprise?

(Select all that apply.)

A) Home App
B) Sideview Utils
C) Search & Reporting
D) DB Connect

INCORRECT

C
THE ANSWER

A) Home App
C) Search & Reporting

5. Which CLI command is used to show the port that splunkd listens on?

INCORRECT

No answer was given

THE ANSWER

splunk show splunkd-port

Match the correct answer to each of these 5 questions

https://quizlet.com/349146707/test 1/5
1. 1) Presets (default)
2) Relative
3) Real-time
4) Date Range
5) Date & Time Range
6) Advanced

CORRECT

E. What are the six time range tabs in the time picker drop down menu?

2. C) Both A & B

CORRECT

B. Which of the following is a valid CIDR aware Splunk search:
A) clientip="141.146.8.0/24"
B) clientip="141.146.8.*"
C) Both A & B
D) None of the above

3. A) Indexers
C) Search Heads
D) Forwarders

CORRECT

C. What are the three main processing components of Splunk?
(Select all that apply.)
A) Indexers
B) Deployment Maker
C) Search Heads
D) Forwarders
E) Distributors

4. In the bottom right of the search bar there are job options, which allow you to do the following:
1) Obtain a sharable link for the search/results.
2) Print the search results.
3) Save the search results as a PDF.

CORRECT

A. What are the three ways you can share a particular search you've created?

5. 1) Return all web index entries for status of 503.
2) Calculate the sum of the price field and name it lost_revenue.
3) Format the lost_revenue field so that it is a string that starts with $ and has commas.

CORRECT

D. What does the following search do?

index=web sourcetype=access_* status=503 | stats sum(price) as lost_revenue | eval lost_revenue = "$" + tostring(lost_revenue, "commas")
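As an added illustration of questions B and D above (this is example code written for this page, not part of the Quizlet set and not Splunk's own code), the following Python re-implements both the CIDR-aware clientip match and the lost_revenue pipeline over a handful of constructed web-access events. The events themselves, the Python function names, and the exact rendering of whole versus fractional numbers by tostring(..., "commas") are assumptions made here; Splunk's documented behaviour is that "commas" rounds to two decimal places when the value has a fractional part.

```python
import ipaddress
from fnmatch import fnmatch

# Constructed web-access events standing in for `index=web sourcetype=access_*`.
# Not real Splunk data; only the fields the quiz search touches are modelled.
SAMPLE_EVENTS = [
    {"clientip": "141.146.8.66",  "status": 503, "price": 1250.0},
    {"clientip": "141.146.8.200", "status": 200, "price": 300.0},
    {"clientip": "141.146.9.12",  "status": 503, "price": 99.5},
    {"clientip": "10.0.0.7",      "status": 503, "price": 12000.0},
    {"clientip": "141.146.8.1",   "status": 503},          # event with no price field
]


def cidr_aware_match(ip, pattern):
    """True when `ip` satisfies a `clientip=<pattern>` search term.

    Splunk accepts CIDR notation (141.146.8.0/24) and a wildcard
    (141.146.8.*) for IP-valued fields; for a /24 the two select the
    same addresses, which is why "Both A & B" is the right answer.
    The wildcard is a plain string match: 141.146.8.* does not match
    141.146.80.5 because the literal dot after the 8 must be present.
    """
    if "/" in pattern:
        return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern, strict=False)
    return fnmatch(ip, pattern)


def search(events, status=None, clientip=None):
    """The filter stage: `index=web sourcetype=access_* status=503 [clientip=...]`."""
    hits = []
    for ev in events:
        if status is not None and ev.get("status") != status:
            continue
        if clientip is not None and not cidr_aware_match(ev["clientip"], clientip):
            continue
        hits.append(ev)
    return hits


def stats_sum(events, field):
    """`stats sum(<field>)`: events without the field are skipped rather than
    counted as 0, and no result is produced when no event carries it."""
    values = [ev[field] for ev in events if ev.get(field) is not None]
    return sum(values) if values else None


def tostring_commas(value):
    """`tostring(X, "commas")`: thousands separators, rounding to two
    decimals when X has a fractional part.  Whole numbers are rendered
    without decimals (an assumption about Splunk's rendering)."""
    if value is None:
        return None
    if float(value).is_integer():
        return f"{int(value):,}"
    return f"{round(value, 2):,.2f}"


def lost_revenue(events, clientip=None):
    """The whole quiz search: filter 503s, sum price, prefix "$" and add commas.

    Returns None when no 503 event carried a price (Splunk would show an
    empty lost_revenue field).
    """
    total = stats_sum(search(events, status=503, clientip=clientip), "price")
    return None if total is None else "$" + tostring_commas(total)


if __name__ == "__main__":
    print(lost_revenue(SAMPLE_EVENTS))                             # $13,349.50
    print(lost_revenue(SAMPLE_EVENTS, clientip="141.146.8.0/24"))  # $1,250
```

One practical caveat the quiz answer glosses over: the final `eval` is string concatenation, so after it `lost_revenue` is text, not a number. Any further arithmetic, thresholding or `sort` on the value belongs before that `eval`, not after it.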

5 multiple choice questions

1. Machine data makes up for more than ___% of the data accumulated by organizations.

A. average (or avg)
B. "access denied" (inclusion is generally better than exclusion: searching for "access denied" is faster than NOT "access granted")
C. 90
D. Splunk DB Connect

2. What are the two ways to create a report?

A. 1) Pivot, 2) Search
B. 1) Selected Fields (the configured default events), 2) Interesting Fields (frequently observed events), 3) All Fields (link to every field)
C. 1) Search terms, 2) Commands, 3) Functions, 4) Arguments, 5) Clauses
D. All of the above.

3. T/F:
Matching search terms are highlighted.

A. False

B. B) 10

C. B) AND

D. True


4. All of Splunk's configurations are written within what file type?

A. splunk enable boot-start -user
B. Plain text .conf files.
C. splunk [start | stop | restart] <process_name>
D. age (using the timestamps)

5. Searching exact phrases, such as best effort or unit 0837, requires the use of what?

A. 1) timestamp, 2) host, 3) source, 4) sourcetype
B. Quotation marks, i.e. "best effort" or "unit 0837"
C. Look back from two days ago, up to the beginning of today.
D. sort -FieldName OR sort +FieldName, i.e. | sort -VendorCountry, +VendorStateProvince
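The sort option under question 5 above, as an added Python example (written for this page, not from the Quizlet set and not Splunk code): `spl_sort` emulates `| sort -VendorCountry, +VendorStateProvince` on constructed vendor records, using the fact that a stable sort applied once per key, from the least significant key to the most significant, yields the combined ordering. The records, function names, and the choice to put rows lacking a sort field at the end are this example's assumptions, not statements about Splunk's behaviour.

```python
# Constructed vendor records (not real Splunk data).
SAMPLE_VENDORS = [
    {"VendorCountry": "USA", "VendorStateProvince": "Texas"},
    {"VendorCountry": "Canada", "VendorStateProvince": "Quebec"},
    {"VendorCountry": "USA", "VendorStateProvince": "California"},
    {"VendorCountry": "Canada", "VendorStateProvince": "Alberta"},
    {"VendorStateProvince": "Unknown"},   # no VendorCountry field
]


def spl_sort(events, *fields):
    """Emulate `| sort <+|->Field, ...`: '-' is descending, '+' or no sign ascending.

    The first field is the primary key.  Python's sort is stable (also with
    reverse=True), so the keys are applied from last to first: each earlier,
    higher-priority pass only reorders rows that tie on the later keys.
    Rows lacking a key are appended after the sorted rows (an assumption of
    this example).  Values within one field are assumed mutually comparable
    (all strings or all numbers).
    """
    ordered = list(events)
    for spec in reversed(fields):
        descending = spec.startswith("-")
        name = spec.lstrip("+-")
        present = [e for e in ordered if name in e]
        missing = [e for e in ordered if name not in e]
        present.sort(key=lambda e: e[name], reverse=descending)
        ordered = present + missing
    return ordered


def sort_keys(events, *fields):
    """The sorted rows reduced to tuples of their sort-field values."""
    names = [f.lstrip("+-") for f in fields]
    return [tuple(e.get(n) for n in names) for e in spl_sort(events, *fields)]


if __name__ == "__main__":
    for row in sort_keys(SAMPLE_VENDORS, "-VendorCountry", "+VendorStateProvince"):
        print(row)
```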

5 true/false questions

1. T/F:
Machine data is only generated by web servers. → False

INCORRECT

False
THE ANSWER

True

2. How would you access recent or saved search jobs? → When the items searched against have punctuation, such as SF-RT_5G01

A typical search would be: productID=S*G01

But due to the way Splunk indexes punctuation (such as underscore or dash), this search would likely fail.

INCORRECT

True
THE ANSWER

False
Correct answer: → Click the Activity drop down menu in the top right of the search app and then select the Jobs option.


3. What are the three required parts of a pivot? → The pivot command is a generating command and must be first in a search
pipeline. It requires a large number of inputs: the data model, the data model object, and pivot elements.

...| pivot <datamodel-name> <object-name> <pivot-element>

CORRECT

True

4. What are the two Search Assistant modes? → 1) Pivot
2) Search

INCORRECT

True
THE ANSWER

False
Correct answer: → 1) Compact
2) Full

5. When creating a search, certain keywords will be colored by syntax. What does the following color map to?...

Green → splunk start --accept-license

CORRECT

False
Correct answer: → Green = Command Arguments
