SPLK-2001 Online Practice Questions and Answers

Which of the following options would be the best way to identify processor bottlenecks of a search?

A. Using the REST API.

B. Using the search job inspector.

C. Using the Splunk Monitoring Console.

D. Searching the Splunk logs using index=" internal".

How can hiding or showing a panel by clicking on a chart or a table on the same form be performed?

A. By using vent drilldown.

B. By using workflow action.

C. By using contextual drilldown.

D. By using visualization drilldown.

Which of the following are types of event handlers? (Select all that apply.)

A. Search

B. Set token

C. Form input

D. Visualization

Which of the following are reserved field names in a KV Store? (Select all that apply.)

A. _key

B. _time

C. _user

D. _source

Which HTTP Event Collector (HEC) endpoint should be used to collect data in the following format? {"message":"Hello World", "foo":"bar", "pony":"buttercup"}

A. data/inputs/http/{name}

B. services/collector/raw

C. services/collector

D. data/inputs/http

When the search/jobs REST endpoint is called to execute a search, what can be done to reduce the results size in the results? (Select all that apply.)

A. Use a generating search.

B. Remove unneeded fields.

C. Truncate the data, using selective functions.

D. Summarize data, using analytic commands.

Which files within an app contain permissions information? (Select all that apply.)

A. local/metadata.conf

B. metadata/local.meta

C. default/metadata.conf

D. metadata/default.meta

Which of the following search commands can be used to perform statistical queries on indexed fields in TSIDX files?

A. stats

B. tstats

C. tscollect

D. transaction