What does the following specified time range do?
earliest=-72h@h latest=@d
A. Look back 3 days ago and prior
B. Look back 72 hours up to one day ago
C. Look back 72 hours, up to the end of today
D. Look back from 3 days ago up to the beginning of today
What must be done before an automatic lookup can be created? (select all that apply)
A. The lookup command must be used.
B. The lookup definition must be created.
C. The lookup file must be uploaded to Splunk.
D. The lookup file must be verified using the inputlookup command.
How are events displayed after a search is executed?
A. In chronological order.
B. Randomly by default.
C. In reverse chronological order.
D. Alphabetically according to field name.
In the Splunk interface, the list of alerts can be filtered based on which characteristics?
A. App, Owner, Severity, and Type
B. App, Owner, Priority, and Status
C. App, Dashboard, Severity, and Type
D. App, Time Window, Type, and Severity
In automatic lookup definitions, the _____ fields are those that are not in the event data.
A. input
B. output
Which of the following is a Splunk search best practice?
A. Filter as early as possible.
B. Never specify more than one index.
C. Include as few search terms as possible.
D. Use wildcards to return more search results.
Which of the following searches would return only events that match the following criteria?
1. Events are inside the main index
2. The field status exists in the event
3. The value in the status field does not equal 200
A. index==main status!==200
B. index=main NOT status=200
C. index==main NOT status==200
D. index-main status!=200
How many minutes, by default, is the time to live (ttl) for an ad-hoc search job?
A. 5 minutes
B. 1 minute
C. 10 minutes
D. 60 minutes
Which statement describes field discovery at search time?
A. Splunk automatically discovers only numeric fields
B. Splunk automatically discovers only alphanumeric fields
C. Splunk automatically discovers only manually configured fields
D. Splunk automatically discovers only fields directly related to the search results
When displaying results of a search, which of the following is true about line charts?
A. Line charts are optimal for single and multiple series.
B. Line charts are optimal for single series when using Fast mode.
C. Line charts are optimal for multiple series with 3 or more columns.
D. Line charts are optimal for multiseries searches with at least 2 or more columns.