Which statement is true about Splunk alerts?

1. Alerts are based on searches that are either run on a scheduled interval or in real-time. B. Alerts are based on searches and when triggered will only send an email notification.
2. Alerts are based on searches and require cron to run on scheduled interval. D. Alerts are based on searches that are run exclusively as real-time.

A.

Alerts are based on searches that are either run on a scheduled interval or in real-time

B.

Alerts are based on searches that are either run on a scheduled interval or in real-time.

C.

Alerts are based on searches and when triggered will only send an email notification.

D.

Alerts are based on searches and require cron to run on scheduled interval. 

E.

Alerts are based on searches that are run exclusively as real-time

What can be configured using the Edit Job Settings menu?

A.

Export the results to CSV format

B.

Add the Job results to a dashboard

C.

Schedule the Job to re-run in 10 minutes

D.

Change Job Lifetime from 10 minutes to 7 days.

Which command is used to validate a lookup file?

A.

| lookup products.csv

B.

inputlookup products.csv

C.

I inputlookup products.csv

D.

lookup definition products.csv

Which stats command function provides a count of how many unique values exist for a given field in the result set?

A.

dc(field)

B.

count(field)

C.

count-by(field)

D.

distinct-count(field)

What user interface component allows for time selection?

A.

Time summary

B.

Time range picker

C.

Search time picker

D.

Data source time statistics

When an alert action is configured to run a script, Splunk must be able to locate the script. Which is one of the directories Splunk will look in to find the script?

A.

1. $SPLUNK_HOME/bin/scripts

B.

$SPLUNK_HOME/etc/scripts

C.

$SPLUNK_HOME/bin/etc/scripts

D.

$SPLUNK_HOME/etc/scripts/bin

When editing a dashboard, which of the following are possible options? (select all that apply)

A.

Add an output.

B.

Export a dashboard panel.

C.

Modify the chart type displayed in a dashboard panel.

D.

Drag a dashboard panel to a different location on the dashboard.

Which of the following index searches would provide the most efficient search performance?

A.

index=*

B.

index=web OR index=s*

C.

(index=web OR index=sales)

D.

*index=sales AND index=web

At index time, in which field does Splunk store the timestamp value?

A.

time

B.

EventTime

C.

timestamp

Which statement is true about the top command?

A.

It returns the top 10 results

B.

It displays the output in table format

C.

It returns the count and percent columns per row

D.

All of the above