Create Next App

Exam contains 60 questions

Page 6 of 10

Question 31 🔥

For the following data, what would be the correct attribute/value pair to use to successfully extract the correct timestamp from all the events?

Which database solution meets these requirements?

A. TIME_FORMAT = %b %d %H:%M:%S %z

Highly voted

B. DATETIME_CONFIG = %Y-%m-%d %H:%M:%S %z

Highly voted

C. TIME_FORMAT = %b %d %H:%M:%S

Highly voted

D. DATETIME_CONFIG = %b %d %H:%M:%S

Highly voted

Discussion of the question

Question 32 🔥

Which monitor statement will retrieve only files that start with “access” in the directory /opt/log/www2/?

Which database solution meets these requirements?

A. [monitor:///opt/log/.../access]

Highly voted

B. [monitor:///opt/log/www2/access*]

Highly voted

C. [monitor:///opt/log/www2/]

Highly voted

D. [monitor:///opt/log/.../]

Highly voted

Discussion of the question

Question 33 🔥

Which of the following methods is valid for creating index-time field extractions?

Which database solution meets these requirements?

A. Use the UI to create a sourcetype, specify the field name and corresponding regular expression with capture statement.

Highly voted

B. Create a configuration app with the index-time props.conf and/or transforms.conf, and upload the app via UI.

Highly voted

C. Use the CLI app to define settings in fields.conf, and restart Splunk Cloud.

Highly voted

D. Use the rex command to extract the desired field, and then save as a calculated field.

Highly voted

Discussion of the question

Question 34 🔥

Which of the following statements regarding apps in Splunk Cloud is true?

Which database solution meets these requirements?

A. Self-service install of premium apps is possible.

Highly voted

B. Only Cloud certified and vetted apps are supported.

Highly voted

C. Any app that can be deployed in an on-prem Splunk Enterprise environment is also supported on Splunk Cloud.

Highly voted

D. Self-service install is available for all apps on Splunkbase.

Highly voted

Discussion of the question

Question 35 🔥

When using Splunk Universal Forwarders, which of the following is true?

Which database solution meets these requirements?

A. No more than six Universal Forwarders may connect directly to Splunk Cloud.

Highly voted

B. Any number of Universal Forwarders may connect directly to Splunk Cloud.

Highly voted

C. Universal Forwarders must send data to an Intermediate Forwarder.

Highly voted

D. There must be one Intermediate Forwarder for every three Universal Forwarders.

Highly voted

Discussion of the question

Question 36 🔥

In which of the following situations should Splunk Support be contacted?

Which database solution meets these requirements?

A. When a custom search needs tuning due to not performing as expected.

Highly voted

B. When an app on Splunkbase indicates Request Install.

Highly voted

C. Before using the delete command.

Highly voted

D. When a new role that mirrors sc_admin is required.

Highly voted

Discussion of the question

Ready to Pass Your Certification Test

splunk SPLK_1005

Exam contains 60 questions

Lorem ipsum dolor sit amet consectetur. Eget sed turpis aenean sit aenean. Integer at nam ullamcorper a.

Company

Product

Resources

Follow us