Splunk - Study guides, Class notes & Summaries

_________ define what users can do in Splunk. - Roles _____________ are reports gathered together into a single pane of glass. - Dashboards A search job will remain active for _____ minutes after it is run. - 10 Adding child data model objects is like the ______ operator in the Splunk search language. A) NOT B) AND C) OR - AND Admins can change the lookup case_sensitive_match option to false in which file? - All of Splunk's configurations are written within what file type? - Plain tex...

Which of the following threat intelligence types can ES download? (Choose all that apply.) · A. Text · B. STIX/TAXII · C. VulnScanSPL · D. SplunkEnterpriseThreatGenerator CORRECT ANSWER Text and STIX/TAXII When investigating, what is the best way to store a newly-found IOC? A. Paste it into Notepad. B. Click the Add IOC button. C. Click the Add Artifact button. D. Add it in a text note to the investigation. CORRECT ANSWER Click the Add Artifact button. At what point in the ES...

Which Splunk component receives, indexes, and stores incoming data from forwarders? a) Indexer b) Search head c) Cluster master d) Deployment server CORRECT ANSWER Indexer Which license type allows 500MB/day of indexing, but disables alerts, authentication, cluster, distributed search, summarization, and forwarding to non-Splunk servers? a) Free license b) Forwarder license c) Enterprise license d) Enterprise trial license CORRECT ANSWER Free license What can be used when setting t...

SPLUNK CLOUD ADMIN CERTIFICATION EXAM

Calculated fields can be based on which of the following? A. Tags B. Extracted fields C. Output fields for a lookup D. Fields generated from a search string CORRECT ANSWER Extracted fields Which of the following eval command functions is valid? A. int( ) B. count( ) C. print( ) D. tostring( ) CORRECT ANSWER tostring() Which of the following searches show a valid use of a macro? (Choose all that apply.) A. index=main source=mySource oldField=* |'makeMyField(oldField)' | ...

SPLUNK SPLK – 1002 questions with correct answers

SPLUNK ADMINISTRATOR EXAM QUESTIONS AND ANSWERS-

What is the only writeable bucket type? hot bucket warm bucket cold bucket CORRECT ANSWER The hot bucket By what filter are indexes divided into buckets? by time by name by source by host CORRECT ANSWER By time What are the 4 types of searches in Splunk (by performance) dense sparse super sparse rare super rare CORRECT ANSWER Dense, Sparse, Super Sparse, Rare In searches, what is the scanCount? the number of scanned events for all searches the number of events scanned for...

List Splunk forwarder types - - The universal forwarder contains only the components that are necessary to forward data - A heavy forwarder is a full Splunk Enterprise instance that can index, search, and change data as well as forward it. The heavy forwarder has some features disabled to reduce system resource usage. Describe the role of forwarders - Forwarders represent a much more robust solution for data forwarding than raw network feeds, with their capabilities for: - Tagging of metad...

Splunk Data Admin-Splunk Admin Test Qs & Answers (100 %Score) Latest updated 2024/2025 Comprehensive Questions and A+ Graded Answers | 100% Pass