Question 1

Which Boolean operator is implied between search terms, unless otherwise specified?

Options :

A : OR

B : AND

C : NOT

D : NAND

Answer: B

Question 2

After running a search, what effect does clicking and dragging across the timeline have?

Options :

A : Executes a new search

B : Filters current search results.

C : Moves to past or future events

D : Expands the time range of the search.

Answer: B

Question 3

What are the three main Splunk components?

Options :

A : Search head, GPU, streamer

B : Search head, indexer, forwarder

C : Search head, SQL database, forwarder

D : Search head, SSD, heavy weight agent

Answer: B

Question 4

How to make Interesting field into a selected field?

Options :

A : Click field in field sidebar -> click YES on the pop-up dialog on upper right side -> check now field should be visible in the list of selected fields.

B : Not possible.

C : Only CLI changes will enable it

D : Click Settings -> Find field option -> Drop down select field -> enable selected field -> check now field should be visible in the list of selected fields.

Answer: A

Question 5

Can you stop or pause the searching?

Options :

A : No

B : Yes

Answer: B