It is mandatory for the lookup file to have this for an automatic lookup to work.
A. Source type
B. At least five columns
C. Timestamp
D. Input field
Answer: D

January 30, 2021 No Comments READ MORE +

Which search will return the 15 least common field values for the dest_ip field?
A. sourcetype=firewall | rare num=15 dest_ip
B. sourcetype=firewall | rare last=15 dest_ip
C. sourcetype=firewall | rare count=15 dest_ip
D. sourcetype=firewall | rare limit=15 dest_ip
Answer: D
Explanation: Reference: https://answers.splunk.com/answers/41928/add-a-lookup-csv-colum-information-to-the-results-ofa-inputlookup-search.html

All users by default have WRITE permission to ALL knowledge objects.
A. True
B. False
Answer: B

Which of the following index searches would provide the most efficient search performance?
A. index=*
B. index=web OR index=s*
C. (index=web OR index=sales)
D. *index=sales AND index=web*
Answer: C

January 29, 2021 No Comments READ MORE +

Which search matches the events containing the terms "error" and "fail"?
A. index=security Error Fail
B. index=security error OR fail
C. index=security “error failure”
D. index=security NOT error NOT fail
Answer: A
Explanation: Reference: https://docs.splunk.com/Documentation/Splunk/7.3.1/SearchReference/Search

What result will you get with the following search: index=test sourcetype="The_Questionnaire_P*" ?
A. the_questionnaire _pedia
B. the_questionnaire pedia
C. the_questionnaire_pedia
D. the_questionnaire Pedia
Answer: C

Which of the following is a metadata field assigned to every event in Splunk?
A. host
B. owner
C. bytes
D. action
Answer: A
Explanation: Reference: https://docs.splunk.com/Documentation/Splunk/8.0.3/Data/Assignmetadatatoeventsdynamically

Which of the following is a Splunk internal field?
A. _raw
B. host
C. _host
D. index
Answer: A

Which of the following is a correct way to limit search results to display the 5 most common values of a field?
A. | rare top=5
B. | top rare=5
C. | top limit=5
D. | rare limit=5
Answer: C

Which component of Splunk lets us write an SPL query to find the required data?
A. Forwarders
B. Indexer
C. Heavy Forwarders
D. Search head
Answer: D