When running searches command modifiers in the search string are displayed in what color?
A.
Red
B.
Blue
C.
Orange
D.
Highlighted
Orange
How do you add or remove fields from search results?
A.
Use field +to add and field -to remove.
B.
Use table +to add and table -to remove.
C.
Use fields +to add and fields –to remove.
D.
Use fields Plus to add and fields Minus to remove.
Use fields +to add and fields –to remove.
What are the steps to schedule a report?
A.
After saving the report, click Schedule.
B.
After saving the report, click Event Type.
C.
C. After saving the report, click Scheduling.
D.
After saving the report, click Dashboard Panel
After saving the report, click Schedule.
By default, how long does Splunk retain a search job?
A.
10 Minutes
B.
15 Minute
C.
1 Day
D.
7 Days
10 Minutes
Which Boolean operator is implied between search terms, unless otherwise specified?
A.
A. OR
B.
AND
C.
NOT
D.
NAND
A. OR
What is a primary function of a scheduled report?
A.
B.
Auto-generated PDF reports of overall data trends
C.
Regularly scheduled archiving to keep disk space use low
D.
Triggering an alert in your Splunk instance when certain conditions are met
Triggering an alert in your Splunk instance when certain conditions are met
Which search string is the most efficient?
When sorting on multiple fields with the sort command, what delimiter can be used between the field names in the search?
A.
|
B.
$
C.
!
D.
,
,
When sorting on multiple fields with the sort command, what delimiter can be used between the field names in the search?
A.
|
B.
$
C.
!
D.
D. ,
D. ,
Which search string is the most efficient?
A. "failed password"
B. ''failed password"*
C. index=* "failed password"
D. index=security "failed password"
Which search string matches only events with the status_code of 4:4?
A.
status_code !=404
B.
status_code>=400
C.
status_code<=404
D.
status code>403 status_code<40
status_code>=400
| Page 6 out of 25 Pages |
| Previous |
Copyright © - All Rights Reserved