Splunk Test Questions & Answers
In most production environments, _______ will be used as your source of data input. - ANS - Forwarders
Splunk knows where to break the event, where the time stamp is located and how to automatically create field value pairs using these. - ANS - Source types
Splunk uses ________ to categorize the type of data being indexed. - ANS - Sourcetypes
The monitor input option will allow you to continuously monitor files. - ANS - True
Files indexed using the upload input option get indexed _____. - ANS - Once
When zooming in on the event time line, a new search is run. - ANS - False
When a search is sent to Splunk, it becomes a _____. - ANS - Search job
Commands that create statistics and visualizations are called _______________ commands. - ANS - Transforming
The time stamp you see in the events is based on the time zone in your user account. - ANS - True