Question 1

Which search would limit an "alert" tag to the "host" field?

Options :

A : tag=alert

B : host::tag::alert

C : tag==alert

D : tag::host=alert

Answer: D

Question 2

To which of the following can a field alias be applied?

Options :

A :

Data found in a lookup table.

B :

Either a calculated field or an extracted field.

C :

Only one single field in a dataset.

D :

A given host, source, or sourcetype.

Answer: B

Question 3

Splunk alerts can be based on search that run______. (Select all that apply.)

Options :

A : in real-time

B : on a regular schedule

C : and have no matching events

Answer: A,B

Question 4

Highlighted search terms indicate _________ search results in Splunk.

Options :

A : Display as selected fields.

B : Sorted

C : Charted based on time

D : Matching

Answer: D

Question 5

Which of the following actions can the eval command perform?

Options :

A : Remove fields from results.

B : Create or replace an existing field.

C : Group transactions by one or more fields.

D : Save SPL commands to be reused in other searches.

Answer: B