
Splunk

Question 9
Which of the following is true about user account settings and preferences?
Time zones are automatically updated based on the setting of the computer accessing Splunk.
Full name, time zone, and default app can be defined by clicking the login name in the Splunk bar.
Search & Reporting is the only app that can be set as the default application.
Full names can only be changed by accounts with a Power User or Admin role.
Question 10
After running a search, what effect does clicking and dragging across the timeline have?
Filters current search results.
Expands the time range of the search.
Executes a new search.
Moves to past or future events.
Question 11
What must be done in order to use a lookup table in Splunk?
The lookup file must be uploaded to the etc/apps/lookups folder for automatic ingestion.
The lookup must be configured to run automatically.
The lookup file must be uploaded to Splunk and a lookup definition must be created.
The contents of the lookup file must be copied and pasted into the search bar.
Question 12
When sorting on multiple fields with the sort command, what delimiter can be used between the field names in the search?
|
,
!
$
Question 13
Which of the following statements about case sensitivity is true?
Field values ARE case sensitive; field names ARE NOT.
Field names ARE case sensitive; field values are NOT.
Both field names and field values ARE NOT case sensitive.
Both field names and field values ARE case sensitive.
Question 14
What does the rare command do?
Returns the lowest 10 field values of a given field in the results.
Returns the top 10 field values of a given field in the results.
Returns the most common field values of a given field in the results.
Returns the least common field values of a given field in the results.
Question 15
What does the values function of the stats command do?
Returns a count of unique values for a given field.
Returns the number of events that match the search.
Lists all values of a given field.
Lists unique values of a given field.
Question 16
How do you add or remove fields from search results?
Use table + to add and table - to remove.
Use field + to add and field - to remove.
Use fields Plus to add and fields Minus to remove.
Use fields + to add and fields - to remove.
