In a deployment with multiple indexes, what will happen when a search is run and an index is not specified in the search string?
A. No events will be returned.
B. Splunk will prompt you to specify an index.
C. All non-indexed events to which the user has access will be returned.
D. Events from every index searched by default to which the user has access will be returned.
Splunk will prompt you to specify an index.
Which search matches the events containing the terms "error" and "fail"?
A. index=security Error Fail
B. index=security error OR fail
C. index=security "error failure"
D. index=security NOT error NOT fail
index=security Error Fail
Which of the following is an option after clicking an item in search results?
A. Saving the item to a report
B. Adding the item to the search.
C. Adding the item to a dashboard
D. Saving the search to a JSON file.
Adding the item to a dashboard
In the Splunk interface, the list of alerts can be filtered based on which characteristics?
A. App, Owner, Severity, and Type
B. App, Owner, Priority, and Status
C. App, Dashboard, Severity, and Type
D. App, Time Window, Type, and Severity
App, Time Window, Type, and Severity
When placed early in a search, which command is most effective at reducing search execution time?
A. dedup
B. rename
C. sort -
D. fields +
sort -
When displaying results of a search, which of the following is true about line charts?
A. Line charts are optimal for single and multiple series.
B. Line charts are optimal for single series when using Fast mode.
C. Line charts are optimal for multiple series with 3 or more columns.
D. Line charts are optimal for multiseries searches with at least 2 or more columns.
Line charts are optimal for multiple series with 3 or more columns.
A collection of items containing things such as data inputs, UI elements, and knowledge objects is known as what?
A. An app
B. JSON
C. A role
D. An enhanced solution
An app
Which of the following fields is stored with the events in the index?
A. user
B. source
C. location
D. sourcelp
location
Which of the following is the recommended way to create multiple dashboards displaying data from the same search?
A. Save the search as a report and use it in multiple dashboards as needed
B. Save the search as a dashboard panel for each dashboard that needs the data
C. Export the results of the search to an XML file and use the file as the basis of the dashboards
Save the search as a dashboard panel for each dashboard that needs the data
What must be done in order to use a lookup table in Splunk?
A. The lookup must be configured to run automatically.
B. The contents of the lookup file must be copied and pasted into the search bar.
C. The lookup file must be uploaded to Splunk and a lookup definition must be created.
D. The lookup file must be uploaded to the etc/apps/lookups folder for automatic ingestion.
The lookup file must be uploaded to Splunk and a lookup definition must be created.