What is a quick, comprehensive way to learn what data is present in a Splunk deployment?
Review Splunk reports
Run ./splunk show
Click Data Summary in Splunk Web
Search index=* sourcetype=* host=*
Assuming a user has the capability to edit reports, which of the following are editable?
Acceleration, schedule, permissions
The report's name, schedule, permissions
The report's name, acceleration, schedule
The report's name, acceleration, permissions
Which of the following is a metadata field assigned to every event in Splunk?
What are the two most efficient search filters?
_time and host
_time and index
host and sourcetype
index and sourcetype
Which of the following is the best way to create a report that shows the last 24 hours of events?
Use earliest=-1d@d latest=@d
Set a real-time search over a 24-hour window
Use the time range picker to select "Yesterday"
Use the time range picker to select "Last 24 hours"
When is the pipe character, |, used in search strings?
Before clauses. For example: stats sum(bytes) | by host
Before commands. For example: | stats sum(bytes) by host
Before arguments. For example: stats sum| (bytes) by host
Before functions. For example: stats |sum(bytes) by host
How can results from a specified static lookup file be displayed?
Settings > Lookups > Input
Settings > Lookups > Upload
In the Fields sidebar, what does the number directly to the right of the field name indicate?
The value of the field
The number of values for the field
The number of unique values for the field
The numeric non-unique values of the field
What is the default lifetime of every Splunk search job?
All search jobs are saved for 10 days
All search jobs are saved for 10 hours
All search jobs are saved for 10 weeks
All search jobs are saved for 10 minutes
https://docs.splunk.com/Documentation/Splunk/8.0.3/Search/Extendjoblifetimes
Which search will return the 15 least common field values for the dest_ip field?
sourcetype=firewall | rare num=15 dest_ip
sourcetype=firewall | rare last=15 dest_ip
sourcetype=firewall | rare count=15 dest_ip
sourcetype=firewall | rare limit=15 dest_ip
When is an alert triggered?
When Splunk encounters a syntax error in a search
When a trigger action meets the predefined conditions
When an event in a search matches up with a data model
When results of a search meet a specifically defined condition
What are the three main Splunk components?
Search head, GPU, streamer
Search head, indexer, forwarder
Search head, SQL database, forwarder
Search head, SSD, heavy weight agent
Which statement describes field discovery at search time?
Splunk automatically discovers only numeric fields
Splunk automatically discovers only alphanumeric fields
Splunk automatically discovers only manually configured fields
Splunk automatically discovers only fields directly related to the search results
Which Field/Value pair will return only events found in the index named security?