Summer Certification Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code = getmirror

Home
Splunk
Splunk Core Certified User
SPLK-1001
Splunk Core Certified User Questions and Answers

Pass the Splunk Core Certified User SPLK-1001 Questions and answers with ExamsMirror

Practice at least 50% of the questions to maximize your chances of passing.

Exam SPLK-1001 Premium Access

View all detail and faqs for the SPLK-1001 exam

Go to Exam

704 Students Passed

92% Average Score

96% Same Questions

Viewing page 7 out of 8 pages

Viewing questions 61-70 out of questions

Questions # 61:

What are Splunk alerts based on?

Options:

Dashboards

Searches

Webhooks

Reports

Answer

Explanation

Splunk alerts are based on searches that run on a schedule or in real time. You can use alerts to monitor for and respond to specific events or conditions in your data. Alerts use a saved search to look for events in real time or on a schedule. Alerts trigger when search results meet specific conditions. You can use alert actions to respond when alerts trigger, such as sending an email, running a script, or creating a ticket1.

You can create alerts from the Search app, the Alerts page, or the Dashboards app. You can also use the Splunk Web framework to create custom alert actions using Python or JavaScript1.

Dashboards, webhooks, and reports are not the basis for Splunk alerts, although they can be related to them. Dashboards are collections of views that display data visually in a variety of ways. You can add alert panels to dashboards to show the status of your alerts2. Webhooks are a type of alert action that send HTTP POST requests to a specified URL when an alert triggers. You can use webhooks to integrate Splunk alerts with external systems or applications3. Reports are saved searches that include additional attributes such as a visualization type, permissions, and an optional description. You can create reports from search results and add them to dashboards as panels. You can also use reports as the basis for scheduled or real-time alerts.

References

Getting started with alerts

Add an alert panel to a dashboard

Use webhooks with Splunk Enterprise

[Create and edit reports]

Questions # 62:

In the Search and Reporting app, which tab displays timecharts and bar charts?

Options:

Events

Patterns

Statistics

Visualization

Answer

Explanation

[Reference: https://docs.splunk.com/Documentation/Splunk/8.0.2/Search/Aboutreportingcommands, ]

Questions # 63:

This function of the stats command allows you to return the sample standard deviation of a field.

Options:

stdev

dev

count deviation

by standarddev

Answer

Questions # 64:

Monitor option in Add Data provides _______________.

Options:

Only continuous monitoring.

Only One-time monitoring.

None of the above.

Both One-time and continuous monitoring

Answer

Questions # 65:

Which search will return the 15 least common field values for the dest_ip field?

Options:

sourcetype=firewall | rare num=15 dest_ip

sourcetype=firewall | rare last=15 dest_ip

sourcetype=firewall | rare count=15 dest_ip

sourcetype=firewall | rare limit=15 dest_ip

Answer

Explanation

[Reference: https://answers.splunk.com/answers/41928/add-a-lookup-csv-colum-information-to-the-results-ofa-inputlookup-search.html, ]

Questions # 66:

How can results from a specified static lookup file be displayed?

Options:

lookup command

inputlookup command

Settings > Lookups > Input

Settings > Lookups > Upload

Answer

Questions # 67:

Which of the following is the appropriately formatted SPL search?

Options:

index=security sourcetype=linux secure (invalid OR failed) | stats count as

"Potential Issues"

index=security sourcetype=linux secure (invalid OR failed) | stats as

"Potential Issues"

index—security sourcetype=linux secure (invalid OR failed) | count stats as

"Potential Issues"

index—security sourcetype=linux secure (invalid OR failed) | count as "Potential Issues"

Answer

Explanation

This is the appropriately formatted SPL search because it follows the SPL syntax rules12, such as:

Using the = operator to specify field-value pairs, such as index=security and sourcetype=linux.

Using the OR operator to combine multiple values for the same field, such as (invalid OR failed).

Using the | character to separate commands, such as stats count as "Potential Issues".

Using the as keyword to rename fields, such as count as "Potential Issues".

Questions # 68:

What is the primary use for the rare command1?

Options:

To sort field values in descending order

To return only fields containing five or fewer values

To find the least common values of a field in a dataset

To find the fields with the fewest number of values across a dataset

Answer

Questions # 69:

By default, which role contains the minimum permissions required to have write access to Splunk alerts?

Options:

User

Alerting

Power

Admin

Answer

Explanation

The Power role contains the minimum permissions required to have write access to Splunk alerts. The User role can only view alerts created by others, but cannot create or modify them. The Alerting role is not a default role in Splunk, but a custom one that can be created by an administrator. The Admin role has write access to Splunk alerts, but also has many other permissions that are not necessary for alerting3.

Questions # 70:

What does the values function of the stats command do?