Splunk splk-2001 practice test

Splunk Certified Developer Exam

Last exam update: May 12, 2024
Page 1 out of 5. Viewing questions 1-15 out of 70

Question 1

For a KV store, a lookup stanza in the transforms.conf file must contain which of the following?
(Select all that apply.)

  • A. collection
  • B. fields_list
  • C. external_type
  • D. internal_type
Answer:

AB

Reference:
https://docs.splunk.com/Documentation/Splunk/8.1.2/Knowledge/ConfigureKVstorelookus


Question 2

Data can be added to a KV store collection in which of the following format(s)?

  • A. JSON
  • B. JSON, XML
  • C. JSON, XML, CSV
  • D. JSON, XML, CSV, TXT
Answer:

A

Reference:
https://dev.splunk.com/enterprise/docs/developapps/manageknowledge/kvstore/usingconfigurationfiles/


Question 3

Which of the following will unset a token named my_token?

  • A. <unset>$my_token$</unset>
  • B. <unset token="my_token"></unset>
  • C. <set token="my_token">false</token>
  • D. <set token="my_token">disabled</set>
Answer:

B

Reference:
https://community.splunk.com/t5/Dashboards-Visualizations/Unset-a-token-if-it-is-equal-to-a-value/m-p/353512


Question 4

Which of the following search commands can be used to perform statistical queries on indexed fields
in TSIDX files?

  • A. stats
  • B. tstats
  • C. tscollect
  • D. transaction
Answer:

B

Reference: https://docs.splunk.com/Documentation/Splunk/8.1.2/SearchReference/Tstats


Question 5

A dashboard is taking too long to load. Several searches start with the same SPL. How can the
searches be optimized in this dashboard? (Select all that apply.)

  • A. Convert searches to include NOT expressions.
  • B. Restrict the time range of the search as much as possible.
  • C. Replace | stats command with | transaction command wherever possible.
  • D. Convert the common SPL into a Global Search and convert the other searches to post-processing searches.
Answer:

CD

Question 6

When using the Splunk Web Framework to create a global search, which is the correct post-process
syntax for the base search shown below?
var searchmain = new SearchManager({
    id: "base-search",
    search: "index=_internal | head 10 | fields *",
    preview: true,
    cache: true
});

  • A. var mypostproc1 = new PostProcessManager({ id: "post1", managerid: "base-search", search: "| stats count by sourcetype" });
  • B. var mypostproc1 = new PostProcessManager({ id: "post1", managerid: "base", search: "| stats count by sourcetype" });
  • C. var mypostproc1 = new PostProcess({ id: "post1", managerid: "base-search", search: "| search stats count by sourcetype" });
  • D. You cannot create global searches in the Splunk Web Framework.
Answer:

A

Question 7

Which files within an app contain permissions information? (Select all that apply.)

  • A. local/metadata.conf
  • B. metadata/local.meta
  • C. default/metadata.conf
  • D. metadata/default.meta
Answer:

CD

Reference:
https://dev.splunk.com/enterprise/docs/devtools/customsearchcommands/manageaccesstocustom/


Question 8

Which of the following is a way to monitor app performance? (Select all that apply.)

  • A. Using Splunk logs.
  • B. Using the search job inspector.
  • C. Using the Monitoring Console.
  • D. Using the storage/collections/config REST endpoint.
Answer:

AC

Question 9

In a DELETE request, what would omitting the value of _key from the REST endpoint do?

  • A. Clean the KV store, deleting all content.
  • B. Produce the syntax error “Key value missing”.
  • C. Cause all records in a collection to be deleted.
  • D. Mean that the _key value must be passed as an argument.
Answer:

C

Question 10

Which of the following are valid parent elements for the event action shown below? (Select all that
apply.)
<set token="Token Name">sourcetype=$click.value|s$</set>

  • A. <eval>
  • B. <change>
  • C. <change> <condition>
  • D. <drilldown> <condition>
Answer:

AC

Question 11

Which of the following is a customization option for the Open in Search panel link button?

  • A. Display the refresh time.
  • B. Show the Export Results button.
  • C. Show link buttons at the bottom of a panel.
  • D. Define an alternative search or target view to use.
Answer:

D

Question 12

When the search/jobs REST endpoint is called to execute a search, what can be done to reduce the
size of the results? (Select all that apply.)

  • A. Use a generating search.
  • B. Remove unneeded fields.
  • C. Truncate the data, using selective functions.
  • D. Summarize data, using analytic commands.
Answer:

AB

Question 13

Which of the following is an intended use of HTTP Event Collector tokens?

  • A. A cookie.
  • B. An HTTP header field.
  • C. A JSON field in the HTTP request.
  • D. A password in conjunction with login.
Answer:

B

Reference:
https://docs.splunk.com/Documentation/Splunk/8.1.2/Data/FormateventsforHTTPEventCollector


Question 14

Which of the following ensures that quotation marks surround the value referenced by the token?

  • A. $token_name|s$
  • B. "$token_name$"
  • C. ($token_name$)
  • D. \"$token_name$\"
Answer:

A

Reference: https://docs.splunk.com/Documentation/Splunk/8.1.2/Viz/tokens


Question 15

Which of the following statements describe an HEC token? (Select all that apply.)

  • A. Maps to a Splunk user.
  • B. Can be used to download data.
  • C. Is a GUID (globally unique identifier).
  • D. Can be created in Splunk Web or using REST endpoints.
Answer:

CD