Splunk SPLK-1005 Real Exam Questions
The questions for SPLK-1005 were last updated on Nov 21, 2024.
- Exam Code: SPLK-1005
- Exam Name: Splunk Cloud Certified Admin
- Certification Provider: Splunk
- Latest update: Nov 21, 2024
Which Splunk add-on simplifies the process of getting data into Splunk Cloud Platform from Windows Event Log channels?
- A. Splunk Add-on for Windows
- B. Splunk Add-on for Infrastructure
- C. Splunk Add-on for Active Directory
- D. Splunk Add-on for DNS
Which type of forwarder can perform data parsing and enrichment before sending it to the indexer?
- A. Universal forwarder
- B. Heavy forwarder
- C. Deployment server
- D. Search head
What is the name of the attribute that specifies the sed script for data transformation in the props.conf file?
- A. SEDCMD
- B. FORMAT
- C. DEST_KEY
- D. TRANSFORMS
Which setting in inputs.conf can be used to specify the interval at which the script runs for a scripted input?
- A. interval
- B. frequency
- C. schedule
- D. cron
What is the name of the component that acts as a data manager and sends data to Splunk Cloud Platform indexers?
- A. Heavy forwarder
- B. Universal forwarder
- C. Deployment server
- D. License master
What is the name of the default field that stores the timestamps in UNIX time when data is indexed?
- A. _time
- B. _timestamp
- C. _date
- D. _epoch
Which type of forwarder can act as an intermediate forwarder to receive data from other forwarders and send it to the indexer?
- A. Universal forwarder
- B. Heavy forwarder
- C. Light forwarder
- D. Any type of forwarder
What is the name of the process that breaks the stream of raw data into individual lines called events?
- A. Line breaking
- B. Event annotation
- C. Event transformation
- D. Timestamp extraction