SPLK-2001 Online Practice Questions and Answers

When updating a knowledge object via REST, which of the following are valid values for the sharing Access Control List property?

A. App

B. User

C. Global

D. Nobody

There is a global search named "global_search" defined on a form as shown below:

Which of the following would be a valid post-processing search? (Select all that apply.)

A. | tstats count

B. sourcetype=mysourcetype

C. stats sum(count) AS count by log level

D. search log_level=error | stats sum(count) AS count by component

Which of the following is an example of a valid syntax for specifying an absolute time range modifier in a search?

A. earliest=01/01/2019:00:00:00

B. earliest=01/01/2019T00:00:00

C. earliest=2019-01-01 00:00:00

D. earliest=2019-01-01T00:00:00

Which of the following log files contains logs that are most relevant to Splunk Web?

A. audit.log

B. metrics.log

C. splunkd.log

D. web_service.log

Which of the following formats are valid for a Splunk REST URI?

A. host:port/endpoint

B. scheme://host/servicesNS/*/

C. $SPLUNK HOME/services/endpoint

D. scheme://host:port/services/endpoint

Which of the following is an intended use of HTTP Event Collector tokens?

A. A cookie.

B. An HTTP header field.

C. A JSON field in the HTTP request.

D. A password in conjunction with login.

In a DELETE request, what would omitting the value of _key from the REST endpoint do?

A. Clean the KV store, deleting all content.

B. Produce the syntax error "Key value missing".

C. Cause all records in a collection to be deleted.

D. Mean that the _key value must be passed as an argument.

Which of the following is a way to monitor app performance? (Select all that apply.)

A. Using Splunk logs.

B. Using the search job inspector.

C. Using the Monitoring Console.

D. Using the storage/collections/config REST endpoint.

When using the Splunk Web Framework to create a global search, which is the correct post-process

syntax for the base search shown below?

var searchmain = new SearchManager{{

id: "base-search",

search: "index= internal | head 10 | fields "*",

preview: true,

cache: true

}};

A. var mypostproc1 = new PostProcessManager {{ id: "post1", managerid: "base-search", search: "| stats count by sourcetype" }};

B. var mypostproc1 = new PostProcessManager{{ id: "post1", managerid: "base", search: "| stats count by sourcetype" }};

C. var mypostproc1 = new PostProcess{{ id: "post1", managerid: "base-search", search: "| search stats count by sourcetype" }};

D. You cannot create global searches in the Splunk Web Framework.

Which of the following search commands can be used to perform statistical queries on indexed fields in TSIDX files?

A. stats

B. tstats

C. tscollect

D. transaction