Intro to Splunk

Which of the following booleans can be used in a search?

ALSO

OR

NOT

AND

OR

NOT

AND

Which search mode behaves differently depending on the type of search being run?

Variable

Fast

Smart

Verbose

Smart

When a search is run, in what order are events returned?

Alphanumeric order

Reverse chronological order

Chronological order

Reverse alphanumeric order

Reverse chronological order

Which Splunk infrastructure component stores ingested data?

Index

Datasets

Dashboards

Data models

Index maybe dashboards?

What is the most efficient way to limit search results returned?

host

source

time

index

time

Which of the following searches will return results containing the words fail, failure, or failed?

fail

*fail

fail+

fail*

fail*

Which of the following searches will return results containing the phrase "failed password"?

"failed password"

failed password

`failed password`

(failed password)

"failed password"

failed password

By default, how long does a search job remain active?

30 minutes

7 days

10 minutes

10 minutes

Which command can be used to further filter results in a search?

filter

subset

subsearch

search

filter

What determines the timestamp shown on returned events in a search?

Timestamps are displayed in Greenwich Mean Time

Timestamps are displayed in epoch time

The time zone defined in user settings

The time zone where the event originated

The time zone defined in user settings

What are the default roles in Splunk Enterprise?

Admin

User

Manager

Power

Admin, User, Power

Which character is used in a search before a command?

A pipe (|)

A backtick (`)

A quotation mark (")

A tilde (~)

A pipe (|)