Question 1

Splunk Parses data into individual events, extracts time, and assigns metadata.

Options :

A : False

B : True

Answer: B

Question 2

What does the values function of the stats command do?

Options :

A : Lists all values of a given field

B : Lists unique values of a given field

C : Returns a count of unique values for a given field

D : Returns the number of events that match the search.

Answer: B

Question 3

What is the primary use for the rare command?

Options :

A : To sort field values in descending order.

B : To return only fields containing five of fewer values

C : To find the least common values of a field in a dataset

D : To find the fields with the fewest number of values across a dataset

Answer: C

Question 4

Put query into separate lines where | (Pipes) are used by selecting following options.

Options :

A : CTRL + Enter

B : Shift + Enter

C : Space + Enter

D : ALT + Enter

Answer: B

Question 5

Which of the following searches would return only events that match the following criteria? • Events are inside the main index • The field status exists in the event • The value in the status field does not equal 200

Options :

A : index==main status!==200

B : index=main NOT status=200

C : index==main NOT status==200

D : index-main status!=200

Answer: C