Month End Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: pass65

  1. Home
  2. Splunk
  3. Splunk Core Certified User
  4. SPLK-1001
  5. Splunk Core Certified User Questions and Answers

SPLK-1001 Splunk Core Certified User Questions and Answers

Questions 4

The four types of Lookups that Splunk provides out-of-the-box are External, KV Store, Geospatial and which of the following?

Options:

A.

Correlated

B.

File-based

C.

Total

D.

Segmented

Buy Now
Questions 5

The stats command will create a _____________ by default.

Options:

A.

Table

B.

Report

C.

Pie chart

Buy Now
Questions 6

By default, which role contains the minimum permissions required to have write access to Splunk alerts?

Options:

A.

User

B.

Alerting

C.

Power

D.

Admin

Buy Now
Questions 7

When viewing the results of a search, what is an Interesting Field?

Options:

A.

A field that appears in any event

B.

A field that appears in every event

C.

A field that appears in the top 10 events

D.

A field that appears in at least 20% of the events

Buy Now
Questions 8

By default search results are not returned in ________ order.

Options:

A.

Chronological

B.

Reverser chronological

C.

ASCIE

D.

Alphabetical

Buy Now
Questions 9

How many minutes, by default, is the time to live (ttl) for an ad-hoc search job?

Options:

A.

5 minutes

B.

1 minute

C.

10 minutes

D.

60 minutes

Buy Now
Questions 10

What are Splunk alerts based on?

Options:

A.

Dashboards

B.

Searches

C.

Webhooks

D.

Reports

Buy Now
Questions 11

By default, which of the following is a Selected Field?

Options:

A.

action

B.

clientip

C.

categoryld

D.

sourcetype

Buy Now
Questions 12

Which statement describes field discovery at search time?

Options:

A.

Splunk automatically discovers only numeric fields

B.

Splunk automatically discovers only alphanumeric fields

C.

Splunk automatically discovers only manually configured fields

D.

Splunk automatically discovers only fields directly related to the search results

Buy Now
Questions 13

By default, which of the following fields would be listed in the fields sidebar under interesting Fields?

Options:

A.

host

B.

index

C.

source

D.

sourcetype

Buy Now
Questions 14

We should use heavy forwarder for sending event-based data to Indexers.

Options:

A.

False

B.

True

Buy Now
Questions 15

How are the results of the following search sorted?

… | sort action, —file, +bytes

Options:

A.

In descending order by action, then descending order by file, and lastly by ascending order of bytes.

B.

In ascending order by action, then descending order by file, and lastly by ascending order of bytes.

C.

In descending order by action if it exists. If not, then in descending order by file, and if both action and file do not exist, by ascending order of bytes.

D.

In ascending order by action if it exists. If not, then in descending order by file, and if both action and file do not exist, by ascending order of bytes.

Buy Now
Questions 16

The new data uploaded in Splunk are shown in ________________.

Options:

A.

Real-time

B.

10 Minutes

C.

Overnight Download

D.

30 Minutes

Buy Now
Questions 17

Splunk Parses data into individual events, extracts time, and assigns metadata.

Options:

A.

False

B.

True

Buy Now
Questions 18

What are the two most efficient search filters?

Options:

A.

_time and host

B.

_time and index

C.

host and sourcetype

D.

index and sourcetype

Buy Now
Questions 19

Events in Splunk are automatically segregated using data and time.

Options:

A.

Yes

B.

No

Buy Now
Questions 20

Splunk extracts fields from event data at index time and at search time.

Options:

A.

True

B.

False

Buy Now
Questions 21

In the fields sidebar, which character denotes alphanumeric field values?

Options:

A.

#

B.

%

C.

a

D.

a#

Buy Now
Questions 22

At index time, in which field does Splunk store the timestamp value?

Options:

A.

time

B.

_time

C.

EventTime

D.

timestamp

Buy Now
Questions 23

Which of the following is a metadata field assigned to every event in Splunk?

Options:

A.

host

B.

owner

C.

bytes

D.

action

Buy Now
Questions 24

Which of the following reports is available in the Fields window?

Options:

A.

Top values by time

B.

Rare values by time

C.

Events with top value fields

D.

Events with rare value fields

Buy Now
Questions 25

What is one benefit of creating dashboard panels from reports?

Options:

A.

Any newly created dashboard will include that report.

B.

There are no benefits to creating dashboard panels from reports.

C.

It makes the dashboard more efficient because it only has to run one search string.

D.

Any change to the underlying report will affect every dashboard that utilizes that report.

Buy Now
Questions 26

Creating Data Models:

Fields associated with a data set are known as ______.

Options:

A.

Attributes

B.

Constraints

Buy Now
Questions 27

When a Splunk search generates calculated data that appears in the Statistics tab. in what formats can the results be exported?

Options:

A.

CSV, JSON, PDF

B.

CSV, XML JSON

C.

Raw Events, XML, JSON

D.

Raw Events, CSV, XML, JSON

Buy Now
Questions 28

Which command will rename action to Customer Action?

Options:

A.

| rename action = CustomerAction

B.

| rename Action as “Customer Action”

C.

| rename Action to “Customer Action”

D.

| rename action as “Customer Action”

Buy Now
Questions 29

Will the queries following below get the same result?

1. index=log sourcetype=error_log status !=100

2. index=log sourcetype=error_log NOT status =100

Options:

A.

Yes

B.

No

Buy Now
Questions 30

It is no possible for a single instance of Splunk to manage the input, parsing and indexing of machine data.

Options:

A.

True

B.

False

Buy Now
Questions 31

By default, all users have DELETE permission to ALL knowledge objects.

Options:

A.

True

B.

False

Buy Now
Questions 32

Splunk internal fields contains general information about events and starts from underscore i.e. _ .

Options:

A.

True

B.

False

Buy Now
Questions 33

What can be included in the All Fields option in the sidebar?

Options:

A.

Dashboards

B.

Metadata only

C.

Non-interesting fields

D.

Field descriptions

Buy Now
Questions 34

Select the correct option that applies to Index time processing (Choose three.).

Options:

A.

Indexing

B.

Searching

C.

Parsing

D.

Settings

E.

Input

Buy Now
Questions 35

Snapping rounds down to the nearest specified unit.

Options:

A.

Yes

B.

No

Buy Now
Questions 36

When displaying results of a search, which of the following is true about line charts?

Options:

A.

Line charts are optimal for single and multiple series.

B.

Line charts are optimal for single series when using Fast mode.

C.

Line charts are optimal for multiple series with 3 or more columns.

D.

Line charts are optimal for multiseries searches with at least 2 or more columns.

Buy Now
Questions 37

This function of the stats command allows you to return the sample standard deviation of a field.

Options:

A.

stdev

B.

dev

C.

count deviation

D.

by standarddev

Buy Now
Questions 38

Uploading local files though Upload options index the file only once.

Options:

A.

No

B.

Yes

Buy Now
Questions 39

Which symbol is used to snap the time?

Options:

A.

@

B.

&

C.

*

D.

#

Buy Now
Questions 40

When running searches command modifiers in the search string are displayed in what color?

Options:

A.

Red

B.

Blue

C.

Orange

D.

Highlighted

Buy Now
Questions 41

Which search matches the events containing the terms "error" and "fail"?

Options:

A.

index=security Error Fail

B.

index=security error OR fail

C.

index=security “error failure”

D.

index=security NOT error NOT fail

Buy Now
Questions 42

Universal forwarder is recommended for forwarding the logs to indexers.

Options:

A.

False

B.

True

Buy Now
Questions 43

Which of the following is an option after clicking an item in search results?

Options:

A.

Saving the item to a report

B.

Adding the item to the search.

C.

Adding the item to a dashboard

D.

Saving the search to a JSON file.

Buy Now
Questions 44

Log filtering/parsing can be done from _____________.

Options:

A.

Index Forwarders (IF)

B.

Universal Forwarders (UF)

C.

Super Forwarder (SF)

D.

Heavy Forwarders (HF)

Buy Now
Questions 45

Which of the following searches would return events with failure in index netfw or warn or critical in index netops?

Options:

A.

(index=netfw failure) AND index=netops warn OR critical

B.

(index=netfw failure) OR (index=netops (warn OR critical))

C.

(index=netfw failure) AND (index=netops (warn OR critical))

D.

(index=netfw failure) OR index=netops OR (warn OR critical)

Buy Now
Questions 46

Given the following SPL search, how many rows of results would you expect to be returned by default? index=security sourcetype=linux_secure (fail* OR invalid) I top src__ip

Options:

A.

10

B.

50

C.

100

D.

20

Buy Now
Questions 47

What syntax is used to link key/value pairs in search strings?

Options:

A.

Parentheses

B.

@ or # symbols

C.

Quotation marks

D.

Relational operators such as =, <, or >

Buy Now
Questions 48

How can search results be kept longer than 7 days?

Options:

A.

By scheduling a report.

B.

By creating a link to the job.

C.

By changing the job settings.

D.

By changing the time range picker to more than 7 days.

Buy Now
Questions 49

In the Search and Reporting app, which is a default selected field?

Options:

A.

index

B.

action

C.

_time

D.

host

Buy Now
Questions 50

Splunk Enterprise is used as a Scalable service in Splunk Cloud.

Options:

A.

True

B.

False

Buy Now
Questions 51

Which command is used to review the contents of a specified static lookup file?

Options:

A.

lookup

B.

csvlookup

C.

inputlookup

D.

outputlookup

Buy Now
Questions 52

When refining search results, what is the difference in the time picker between real-time and relative time ranges?

Options:

A.

Real-time searches happen instantly, while relative searches happen at a scheduled time.

B.

Real-time searches display results from a rolling time window, while relative searches display results from a set length of time.

C.

Real-time searches run constantly in the background, while relative searches only run when certain criteria are met.

D.

Real-time represents events that have happened in a set time window, while relative will display results from a rolling time window.

Buy Now
Questions 53

What are the steps to schedule a report?

Options:

A.

After saving the report, click Schedule.

B.

After saving the report, click Event Type.

C.

After saving the report, click Scheduling.

D.

After saving the report, click Dashboard Panel.

Buy Now
Questions 54

Put query into separate lines where | (Pipes) are used by selecting following options.

Options:

A.

CTRL + Enter

B.

Shift + Enter

C.

Space + Enter

D.

ALT + Enter

Buy Now
Questions 55

When is the pipe character, I, used in search strings?

Options:

A.

Before clauses. For example: stats sum(bytes) | by host

B.

Before commands. For example: | stats sum(bytes) by host

C.

Before arguments. For example: stats sum| (bytes) by host

D.

Before functions. For example: stats |sum(bytes) by host

Buy Now
Questions 56

Which of the following is a Splunk search best practice?

Options:

A.

Filter as early as possible.

B.

Never specify more than one index.

C.

Include as few search terms as possible.

D.

Use wildcards to return more search results.

Buy Now
Questions 57

Which of the following searches will return results where fail, 400, and error exist in every event?

Options:

A.

error AND (fail AND 400)

B.

error OR (fail and 400)

C.

error AND (fail OR 400)

D.

error OR fail OR 400

Buy Now
Questions 58

These users can create global knowledge objects. (Select all that apply.)

Options:

A.

users

B.

power users

C.

administrators

Buy Now
Questions 59

Which of the following is a correct way to limit search results to display the 5 most common values of a field?

Options:

A.

| rare top=5

B.

| top rare=5

C.

| top limit=5

D.

| rare limit=5

Buy Now
Questions 60

Which search string is the most efficient?

Options:

A.

"failed password"

B.

''failed password"*

C.

index=* "failed password"

D.

index=security "failed password"

Buy Now
Questions 61

Forward Option gather and forward data to indexers over a receiving port from remote machines.

Options:

A.

False

B.

True

Buy Now
Questions 62

Which of the following commands will show the maximum bytes?

Options:

A.

sourcetype=access_* | maximum totals by bytes

B.

sourcetype=access_* | avg (bytes)

C.

sourcetype=access_* | stats max(bytes)

D.

sourcetype=access_* | max(bytes)

Buy Now
Questions 63

NOT status = 100:

Options:

A.

Will display result depending on the data.

B.

Will return event where status field exist but value of that field is not 100.

C.

Will return event where status field exist but value of that field is not 100 and all events where status field

doesn't exist.

Buy Now
Questions 64

Splunk index time process can be broken down into __________ phases.

Options:

A.

3

B.

2

C.

4

D.

1

Buy Now
Questions 65

Which all time unit abbreviations can you include in Advanced time range picker? (Choose seven.)

Options:

A.

h

B.

day

C.

mon

D.

yr

E.

y

F.

w

G.

week

Buy Now
Questions 66

When placed early in a search, which command is most effective at reducing search execution time?

Options:

A.

dedup

B.

rename

C.

sort -

D.

fields +

Buy Now
Questions 67

Splunk apps are used for following (Choose three.):

Options:

A.

Designed to cater numerous use cases and empower Splunk.

B.

We can not install Splunk App.

C.

Allows multiple workspaces for different use cases/user roles.

D.

It is collection of different Splunk config files like data inputs, UI and Knowledge Object.

Buy Now
Questions 68

Documentations for Splunk can be found at docs.splunk.com

Options:

A.

True

B.

False

Buy Now
Questions 69

What is the correct order of steps for creating a new lookup?

1. Configure the lookup to run automatically

2. Create the lookup table

3. Define the lookup

Options:

A.

2, 1, 3

B.

1, 2, 3

C.

2, 3, 1

D.

3, 2, 1

Buy Now
Questions 70

How do you add or remove fields from search results?

Options:

A.

Use field +to add and field -to remove.

B.

Use table +to add and table -to remove.

C.

Use fields +to add and fields –to remove.

D.

Use fields Plus to add and fields Minus to remove.

Buy Now
Questions 71

In a deployment with multiple indexes, what will happen when a search is run and an index is not specified in the search string?

Options:

A.

No events will be returned.

B.

Splunk will prompt you to specify an index.

C.

All non-indexed events to which the user has access will be returned.

D.

Events from every index searched by default to which the user has access will be returned.

Buy Now
Questions 72

When viewing results of a search job from the Activity menu, which of the following is displayed?

Options:

A.

New events based on the current time range picker

B.

The same events based on the current time range picker

C.

The same events from when the original search was executed

D.

New events in addition to the same events from the original search

Buy Now
Questions 73

When a search returns __________, you can view the results as a list.

Options:

A.

a list of events

B.

transactions

C.

statistical values

Buy Now
Exam Code: SPLK-1001
Exam Name: Splunk Core Certified User
Last Update: May 2, 2025
Questions: 244

PDF + Testing Engine

$57.75  $164.99
buy now SPLK-1001 pdf + testing engine

Testing Engine

$43.75  $124.99
buy now SPLK-1001 testing engine

PDF (Q&A)

$36.75  $104.99
buy now SPLK-1001 pdf