Suppose the following query in a Simple XML dashboard returns a table including hyperlinks:
<search>
<query>index=news sourcetype=web_proxy | table sourcetype title link</query>
</search>
Which of the following is a valid dynamic drilldown element to allow a user of the dashboard to visit the hyperlinks contained in the link field?
- A . <option name="link.openSearch.viewTarget">$row.link$</option>
- B . <drilldown><link target="_blank">$$row.link$$</link></drilldown>
- C . <drilldown><link target="_blank">$row.link|n$</link></drilldown>
- D . <drilldown><link target="_blank">http://localhost:8000/debug/refresh</link></drilldown>
A
Explanation:
Reference: https://docs.splunk.com/Documentation/Splunk/8.1.2/Viz/BuildandeditdashboardswithSimplifiedXML
When updating a knowledge object via REST, which of the following are valid values for the sharing Access Control List property?
- A . App
- B . User
- C . Global
- D . Nobody
A
Explanation:
Reference: https://docs.splunk.com/Documentation/Splunk/8.1.2/RESTUM/RESTusing
Which of the following are ways to get a list of search jobs? (Select all that apply.)
- A . Access Activity > Jobs with Splunk Web.
- B . Use Splunk REST to query the /services/search/jobs endpoint.
- C . Use Splunk REST to query the /services/saved/searches endpoint.
- D . Use Splunk REST to query the /services/search/sid/results endpoint.
AB
Explanation:
Reference: https://docs.splunk.com/Documentation/Splunk/8.1.2/Search/SupervisejobswiththeJobspage
Which of the following are benefits from using Simple XML Extensions? (Select all that apply.)
- A . Add custom layouts.
- B . Add custom graphics.
- C . Add custom behaviors.
- D . Limit Splunk license consumption based on host.
AC
Explanation:
Reference: https://dev.splunk.com/enterprise/docs/developapps/visualizedata/usewebframework/modifydashboards/
How can indexer acknowledgement be enabled for HTTP Event Collector (HEC)? (Select all that apply.)
- A . No need to do anything, it is turned on by default.
- B . When a REST request is sent to create a token, the property for indexer acknowledgement must be set to 1.
- C . When a new HEC token is created in Splunk Web, select the checkbox labeled “Enable indexer acknowledgement”.
- D . When the Global Settings for HEC are updated in Splunk Web, select the checkbox labeled “Enable indexer acknowledgement”.
CD
Explanation:
Reference: https://docs.splunk.com/Documentation/Splunk/8.1.2/Data/UsetheHTTPEventCollector
After updating a dashboard in myApp, a Splunk admin moves myApp to a different Splunk instance. After logging in to the new instance, the dashboard is not seen.
What could have happened? (Select all that apply.)
- A . The dashboard’s permissions were set to private.
- B . User role permissions are different on the new instance.
- C . The admin deleted the myApp/local directory before packaging.
- D . Changes were placed in: $SPLUNK_HOME/etc/apps/search/default/data/ui/nav
AB
Explanation:
Reference: https://docs.splunk.com/Documentation/Splunk/8.1.2/Viz/DashboardPermissions
Which of the following statements define a namespace?
- A . The namespace is a combination of the user and the app.
- B . The namespace is a combination of the user, the app, and the role.
- C . The namespace is a combination of the user, the app, the role, and the sharing level.
- D . The namespace is a combination of the user, the app, the role, the sharing level, and the permissions.
Which of the following are characteristics of an add-on? (Select all that apply.)
- A . Requires navigation file.
- B . Occupies a unique namespace within Splunk.
- C . Can depend on add-ons for correct operation.
- D . Contains technology or components not intended for reuse by other apps.
Which of the following statements describe oneshot searches? (Select all that apply.)
- A . Are always executed asynchronously.
- B . Can specify csv as an output format.
- C . Stream all results upon search completion.
- D . Can use auto_cancel to set a timeout limit.
BC
Explanation:
Reference: https://dev.splunk.com/enterprise/docs/devtools/java/sdk-java/howtousesdkjava/howtoworkjobjava/
Which of the following options would be the best way to identify processor bottlenecks of a search?
- A . Using the REST API.
- B . Using the search job inspector.
- C . Using the Splunk Monitoring Console.
- D . Searching the Splunk logs using index="_internal".
Which of the following is true of a namespace?
- A . The namespace is a type of token filter.
- B . The namespace includes an app attribute which cannot be a wildcard.
- C . The namespace filters the knowledge objects returned by the REST API.
- D . The namespace does not filter knowledge objects returned by the REST API.
What must be done when calling the servicesNS endpoint?
- A . Authenticate with an admin user.
- B . Specify the user and app context in the URI.
- C . Authenticate with the user of the required context.
- D . Pass the user and app context in the request payload.
B
Explanation:
Reference: https://docs.splunk.com/Documentation/Splunk/8.1.2/RESTUM/RESTusing
Assuming permissions are set appropriately, which REST endpoint path can be used by someone with a power user role to access information about mySearch, a saved search owned by someone with a user role?
- A . /servicesNS/-/data/saved/searches/mySearch
- B . /servicesNS/object/saved/searches/mySearch
- C . /servicesNS/search/saved/searches/mySearch
- D . /servicesNS/-/search/saved/searches/mySearch
D
Explanation:
Reference: https://docs.splunk.com/Documentation/Splunk/8.1.2/RESTUM/RESTusing
Using Splunk Web to modify config settings for a shared object, a revised config file with those changes is placed in which directory?
- A . $SPLUNK_HOME/etc/apps/myApp/local
- B . $SPLUNK_HOME/etc/system/default/
- C . $SPLUNK_HOME/etc/system/local
- D . $SPLUNK_HOME/etc/apps/myApp/default
A
Explanation:
Reference: https://docs.splunk.com/Documentation/Splunk/8.1.2/Admin/Howtoeditaconfigurationfile
What application security best practices should be adhered to while developing an app for Splunk? (Select all that apply.)
- A . Review the OWASP Top Ten List.
- B . Store passwords in clear text in .conf files.
- C . Review the OWASP Secure Coding Practices Quick Reference Guide.
- D . Ensure that third-party libraries that the app depends on have no outstanding CVE vulnerabilities.
AC
Explanation:
Reference: https://dev.splunk.com/enterprise/docs/developapps/testvalidate/securitybestpractices/
There is a global search named “global_search” defined on a form as shown below:
<search id="global_search">
<query>
index=_internal source=*splunkd.log | stats count by component, log_level
</query>
</search>
Which of the following would be a valid post-processing search? (Select all that apply.)
- A . | tstats count
- B . sourcetype=mysourcetype
- C . stats sum(count) AS count by log_level
- D . search log_level=error | stats sum(count) AS count by component
CD
Explanation:
Reference: https://docs.splunk.com/Documentation/Splunk/8.1.2/Viz/Savedsearches
In order to successfully accelerate a report, which criteria must the search meet? (Select all that apply.)
- A . Cannot use event sampling.
- B . Use a transforming command.
- C . Use a standard Splunk visualization.
- D . Commands before the first transforming command must be streamable.
ABD
Explanation:
Reference: https://docs.splunk.com/Documentation/Splunk/8.1.2/Knowledge/Manageacceleratedsearchsummaries
Which statements are true regarding HEC (HTTP Event Collector) tokens? (Select all that apply.)
- A . Multiple tokens can be created for use with different sourcetypes and indexes.
- B . The edit_token_http admin role capability is required to create a token.
- C . To create a token, send a POST request to services/collector endpoint.
- D . Tokens can be edited using the data/inputs/http/{tokenName} endpoint.
Which type of command is tstats?
- A . Generating
- B . Transforming
- C . Centralized streaming
- D . Distributable streaming
A
Explanation:
Reference: https://docs.splunk.com/Documentation/Splunk/8.1.2/SearchReference/Tstats
Which of the following is an example of a Splunk KV store use case? (Select all that apply.)
- A . Stores checkpoint data for modular inputs.
- B . Tracks workflow in an incident-review system.
- C . Indexes metrics data from remote HTTP sources.
- D . Stores application state as a user interacts with an app.
AB
Explanation:
Reference: https://dev.splunk.com/enterprise/docs/developapps/manageknowledge/kvstore/