Splunk Interview Questions and Answers Part – 3

Of the following, which is the best description of Splunk?

  • Splunk is a log collector.
  • Splunk is a business intelligence tool.
  • Splunk is operational intelligence that consumes and makes machine data useable and valuable. (Ans)
  • Splunk is an alerting tool.

What are the building blocks of a Splunk App?

  • Configuration files (Ans)
  • Data sources
  • Reports
  • Pivots

Where is the best place to get help for Splunk?

  • reddit.com
  • answers.splunk.com (Ans)
  • stackoverflow.com
  • blogs

What is the primary way in which the timechart command differs from the chart command?

  • There is no difference. timechart is just a shortcut for chart with a specified x-axis of _time .
  • timechart does not take a span argument. chart does.
  • chart forces the x-axis to be _time. timechart does not.
  • timechart forces the x-axis to be _time. chart does not. (Ans)

Another way to say | is

  • “take the output of the commands before it, then do this with the input.”
  • “take the input of the commands before it, then do this with the output.”
  • “take the output of the commands before it, then do this with the output.” (Ans)
  • “take the output of the commands after it, then do this with the output.”

What is one of the differences between a heavy forwarder and a universal forwarder?

  • A universal forwarder is a complete installation of Splunk; a heavy forwarder is a light agent.
  • A heavy forwarder is a complete installation of Splunk; a universal forwarder is a light agent. (Ans)
  • Heavy forwarders are limited in their functionality, but universal forwarders can do advanced things like route data.
  • The only difference is the type of machine you install the forwarder on.

Which search mode will Splunk default to if your search specifies fields?

  • Fast (Ans)
  • Smart
  • Verbose
  • Heavy

What is “the language of Splunk” known as?

  • SSL: Splunk Search Language
  • SQL: Splunk Query Language
  • SPL: Search Processing Language (Ans)
  • SEL: Splunk Execution Language

The default Splunk forwarding and management ports are, respectively

  • 8088, 9998
  • 9997, 8089 (Ans)
  • 9997, 8087
  • 443, 9797

Splunk assigns which three fields as default metadata?

  • host, source, sourcetype (Ans)
  • host, ip, port
  • host, hostname, source
  • host, sourcetype, ip

What is the purpose of a lookup?

  • Allows you to add custom fields to events from external sources, like csv files. (Ans)
  • Allows Splunk to examine semantic knowledge objects.
  • Allows users to build custom reports based on data models.
  • Keeps a record of all previous searches, so that Splunk can look them up later.

Searches in the search pipeline go from

  • general to specific. (Ans)
  • specific to general.
  • middle out.
  • bottom up.

What’s wrong with this search?
host=homework user=* status=failed stats count(status) BY user | rename count(status) as "Number of Failed Logins"

  • count is not a stats function.
  • You need to have a | before the stats command. (Ans)
  • The rename command is invalid because you cannot rename a field to a phrase.
  • This search is valid.
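
The missing pipe above is easy to miss because Splunk will still run the search: without the `|`, `stats`, `count(status)` and `BY` are just more keywords to look for in the raw events, so the search silently returns nothing rather than an error. The following is an added example, not from the original page and not Splunk code: a small Python model of the fixed search (base search, then `stats count(status) BY user`, then `rename`), with a check that flags a pipe-only command appearing before the first `|`. The events, field names and the list of pipe-only commands are constructed for illustration, and the evaluator understands only the three pieces of SPL the quiz search uses.

```python
"""Added example (not from the page, not Splunk code): model the fix to the
quiz search above.

Broken:  host=homework user=* status=failed stats count(status) BY user | rename ...
Fixed:   host=homework user=* status=failed | stats count(status) BY user | rename ...

The events, field names and the list of pipe-only commands below are
constructed for illustration; the evaluator understands only the three
pieces of SPL the quiz search uses.
"""
import fnmatch
import re
from collections import Counter

BROKEN_SEARCH = ('host=homework user=* status=failed stats count(status) BY user '
                 '| rename count(status) as "Number of Failed Logins"')
FIXED_SEARCH = ('host=homework user=* status=failed '
                '| stats count(status) BY user '
                '| rename count(status) as "Number of Failed Logins"')

# Commands that only make sense after a pipe (assumed, not exhaustive).
PIPE_COMMANDS = {"stats", "timechart", "chart", "rename", "table", "eval", "top", "rare"}

STATS_RE = re.compile(r"^stats\s+count\((\w+)\)\s+BY\s+(\w+)$", re.I)
RENAME_RE = re.compile(r'^rename\s+(\S+)\s+AS\s+"([^"]+)"$', re.I)

# Constructed login events; the last two must be dropped by the base search.
EVENTS = [
    {"host": "homework", "user": "alice", "status": "failed"},
    {"host": "homework", "user": "alice", "status": "failed"},
    {"host": "homework", "user": "bob", "status": "success"},
    {"host": "homework", "user": "carol", "status": "failed"},
    {"host": "other", "user": "alice", "status": "failed"},   # wrong host
    {"host": "homework", "status": "failed"},                 # no user field, so user=* fails
]


def split_pipeline(search: str) -> list:
    return [seg.strip() for seg in search.split("|")]


def missing_pipe_commands(search: str) -> list:
    """Pipe-only commands found in the base search, where Splunk would treat
    them as literal keywords to search for rather than as commands."""
    return [tok for tok in split_pipeline(search)[0].split() if tok.lower() in PIPE_COMMANDS]


def matches_base(event: dict, base: str) -> bool:
    """field=value terms are ANDed; '*' is a wildcard, and the field must exist."""
    for term in base.split():
        field, sep, pattern = term.partition("=")
        if not sep:
            raise ValueError(f"unsupported base-search term: {term!r}")
        if field not in event or not fnmatch.fnmatchcase(str(event[field]), pattern):
            return False
    return True


def run_search(events: list, search: str) -> list:
    """Evaluate base search -> stats count(X) BY Y -> rename, general to specific."""
    bad = missing_pipe_commands(search)
    if bad:
        raise ValueError(f"{bad} used before the first '|'; add a pipe before the command")
    segments = split_pipeline(search)
    rows = [e for e in events if matches_base(e, segments[0])]
    for seg in segments[1:]:
        if m := STATS_RE.match(seg):
            counted, by = m.groups()
            counts = Counter(e[by] for e in rows if counted in e)
            rows = [{by: k, f"count({counted})": v} for k, v in sorted(counts.items())]
        elif m := RENAME_RE.match(seg):
            old, new = m.groups()
            rows = [{(new if k == old else k): v for k, v in r.items()} for r in rows]
        else:
            raise ValueError(f"unsupported command: {seg!r}")
    return rows


if __name__ == "__main__":
    print("broken search, commands before the first pipe:", missing_pipe_commands(BROKEN_SEARCH))
    for row in run_search(EVENTS, FIXED_SEARCH):
        print(row)
```

Running it prints `['stats']` for the broken search and two rows for the fixed one (alice with 2 failed logins, carol with 1); bob is dropped by `status=failed`, the `other` host by `host=homework`, and the event with no `user` field by `user=*`, which is the "general to specific" narrowing the next question describes.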

Which type of authentication method does Splunk recommend for anything other than a small deployment?

  • Local
  • SAML
  • LDAP/AD (Ans)
  • Scripted

The rare command returns ____, while the top command returns ____.

  • a visualization with _time on the x axis; a visualization with a specified field on the x axis
  • limits; thresholds
  • least common values; most common values (Ans)
  • top ten common values; top ten uncommon values

The Enterprise Trial license is valid for ____, after which point it converts to a ____ license.

  • 60 days; free (Ans)
  • 30 days; limited functionality
  • 30 days; free
  • 60 days; limited functionality

Heavy forwarders

  • require a universal license.
  • require an enterprise license.
  • do not require a license.
  • require a forwarder license. (Ans)

Of the following, which best describes the difference between a tag and an event type?

  • There is no difference.
  • Tags are more complex knowledge objects than event types.
  • Tags are much more powerful than event types, because they can contain multiple fields.
  • Event types can contain multiple fields, while tags can only contain one. (Ans)

Which of the following is not one of the four major functions of Splunk?

  • Parsing
  • Input
  • Compressing (Ans)
  • Indexing
  • Searching

The structure of Splunk configuration files is:

  • key=value [stanza]
  • [stanza] [sub-stanza]
  • [stanza] attribute=value (Ans)
  • savedsearch=value [stanza]
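
The `[stanza]` / `attribute=value` layout is the same in every Splunk .conf file, which makes the files easy to audit with a few lines of code. The following is an added example, not from the original page and not Splunk code: a parser for that layout (comments, stanza headers, `attribute = value` lines, trailing-backslash continuation lines and inheritance from `[default]`), run over a constructed forwarder `outputs.conf`, followed by a check of the settings that matter for the forwarder-to-indexer link described in the forwarder and default-port questions above. The sample file, the attributes treated as security-relevant (`sslVerifyServerCert`, `server`) and the port policy built from the quiz's defaults (9997 receiving, 8089 management) are assumptions for illustration; check the outputs.conf reference for your Splunk version before relying on any attribute name.

```python
"""Added example (not from the page, not Splunk code): parse the
[stanza] / attribute = value layout of a Splunk .conf file and audit a
constructed outputs.conf from a forwarder.

Assumptions for illustration: the sample file, the attributes treated as
security-relevant (sslVerifyServerCert, server) and the port policy built
from the quiz's default ports (9997 receiving, 8089 management).
"""
import re

STANZA_RE = re.compile(r"^\[(.+)\]$")
RECEIVING_PORT = 9997   # default forwarding port from the quiz above
MANAGEMENT_PORT = 8089  # default management port; never an ingest target

# Constructed outputs.conf; [default] is inherited by every other stanza.
SAMPLE_OUTPUTS_CONF = r"""
# forwarder outputs.conf (constructed sample)
[default]
sslVerifyServerCert = false

[tcpout]
defaultGroup = primary_indexers

[tcpout:primary_indexers]
server = idx1.example.internal:9997, \
         idx2.example.internal:9997
sslRootCAPath = $SPLUNK_HOME/etc/auth/cacert.pem
sslVerifyServerCert = true

[tcpout:legacy]
server = idx3.example.internal:8089
"""


def parse_conf(text: str) -> dict:
    """Return {stanza: {attribute: value}} with [default] merged into each stanza.

    Understands '#' comment lines, [stanza] headers, 'attribute = value'
    lines and trailing-backslash continuation lines. Attributes that appear
    before any header belong to [default].
    """
    # Join continuation lines first so a multi-line value is one logical line.
    logical, pending = [], ""
    for raw in text.splitlines():
        line = pending + raw.strip() if pending else raw.strip()
        if line.endswith("\\"):
            pending = line[:-1]
            continue
        logical.append(line)
        pending = ""
    if pending:
        logical.append(pending)

    stanzas, current = {"default": {}}, "default"
    for line in logical:
        if not line or line.startswith("#"):
            continue
        if m := STANZA_RE.match(line):
            current = m.group(1)
            stanzas.setdefault(current, {})
            continue
        if "=" not in line:
            raise ValueError(f"expected 'attribute = value', got {line!r}")
        attr, value = (part.strip() for part in line.split("=", 1))
        stanzas[current][attr] = value
    default = stanzas["default"]
    return {name: {**default, **attrs} for name, attrs in stanzas.items()}


def is_true(value: str) -> bool:
    """Splunk boolean attributes accept true/false and 1/0."""
    return value.strip().lower() in ("true", "1")


def audit_outputs(conf: dict) -> list:
    """Findings for every tcpout:<group> stanza (assumed policy, see module docstring)."""
    findings = []
    for name, attrs in conf.items():
        if not name.startswith("tcpout:"):
            continue
        if not is_true(attrs.get("sslVerifyServerCert", "false")):
            findings.append(f"{name}: sslVerifyServerCert is not true, so the forwarder "
                            f"will not verify the indexer's certificate")
        for entry in attrs.get("server", "").split(","):
            entry = entry.strip()
            if not entry:
                continue
            host, _, port = entry.rpartition(":")
            if not host or not port.isdigit():
                findings.append(f"{name}: server entry {entry!r} is not host:port")
            elif int(port) == MANAGEMENT_PORT:
                findings.append(f"{name}: {entry} targets the management port, not a receiving port")
            elif int(port) != RECEIVING_PORT:
                findings.append(f"{name}: {entry} uses a non-default port; confirm the receiver listens there")
    return findings


if __name__ == "__main__":
    for finding in audit_outputs(parse_conf(SAMPLE_OUTPUTS_CONF)):
        print(finding)
```

On the sample, `tcpout:primary_indexers` passes (its own `sslVerifyServerCert = true` overrides the `[default]` value and both servers use 9997), while `tcpout:legacy` produces two findings: it inherits `sslVerifyServerCert = false` from `[default]` and points at the management port 8089 instead of a receiving port. Note that in a real deployment the effective value of an attribute also depends on the same file in other apps and on `local` overriding `default`, which this single-file parser does not model.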
Rajesh Kumar