Free SPLK-1001 Splunk Updates

Splunk Core Certified User Questions and Answers

Question 5

How to make Interesting field into a selected field?

Click field in field sidebar -> click YES on the pop-up dialog on upper right side -> check now field should

be visible in the list of selected fields.

Not possible.

Only CLI changes will enable it.

Click Settings -> Find field option -> Drop down select field -> enable selected field -> check now field

should be visible in the list of selected fields.

Question 6

What is the primary use for the rare command1?

To sort field values in descending order

To return only fields containing five or fewer values

To find the least common values of a field in a dataset

To find the fields with the fewest number of values across a dataset

Question 7

What must be done in order to use a lookup table in Splunk?

The lookup must be configured to run automatically.

The contents of the lookup file must be copied and pasted into the search bar.

The lookup file must be uploaded to Splunk and a lookup definition must be created.

The lookup file must be uploaded to the etc/apps/lookups folder for automatic ingestion.

Question 8

Splunk automatically determines the source type for major data types.

False

True