Splunk SPLK-1001 Practice Exams
Last updated on Mar 31, 2025
- Exam Code: SPLK-1001
- Exam Name: Splunk Core Certified User
- Certification Provider: Splunk
- Latest update: Mar 31, 2025
How do you add or remove fields from search results?
- A . Use field + to add and field - to remove.
- B . Use table + to add and table - to remove.
- C . Use fields + to add and fields - to remove.
- D . Use fields Plus to add and fields Minus to remove.
What determines the scope of data that appears in a scheduled report?
- A . All data accessible to the User role will appear in the report.
- B . All data accessible to the owner of the report will appear in the report.
- C . All data accessible to all users will appear in the report until the next time the report is run.
- D . The owner of the report can configure permissions so that the report uses either the User role or the owner’s profile at run time.
By default, which of the following fields would be listed in the fields sidebar under Interesting Fields?
- A . host
- B . index
- C . source
- D . sourcetype
When a search returns __________, you can view the results as a list.
- A . a list of events
- B . transactions
- C . statistical values
The command shown here does which of the following: Command: | outputlookup products.csv
- A . Writes search results to a file named products.csv
- B . Returns the contents of a file named products.csv
When a Splunk search generates calculated data that appears in the Statistics tab, in what formats can the results be exported?
- A . CSV, JSON, PDF
- B . CSV, XML, JSON
- C . Raw Events, XML, JSON
- D . Raw Events, CSV, XML, JSON
Which of the following is true about user account settings and preferences?
- A . Search & Reporting is the only app that can be set as the default application.
- B . Full names can only be changed by accounts with a Power User or Admin role.
- C . Time zones are automatically updated based on the setting of the computer accessing Splunk.
- D . Full name, time zone, and default app can be defined by clicking the login name in the Splunk bar.
Select the answer that displays the accurate placing of the pipe in the following search string:
index=security sourcetype=access_* status=200 stats count by price
- A . index=security sourcetype=access_* status=200 stats | count by price
- B . index=security sourcetype=access_* status=200 | stats count by price
- C . index=security sourcetype=access_* status=200 | stats count | by price
- D . index=security sourcetype=access_* | status=200 | stats count by price
When viewing the results of a search, what is an Interesting Field?
- A . A field that appears in any event
- B . A field that appears in every event
- C . A field that appears in the top 10 events
- D . A field that appears in at least 20% of the events
What is the primary use for the rare command?
- A . To sort field values in descending order
- B . To return only fields containing five or fewer values
- C . To find the least common values of a field in a dataset
- D . To find the fields with the fewest number of values across a dataset