How are events displayed after a search is executed?
A.
In chronological order.
B.
Randomly by default.
C.
In reverse chronological order.
D.
Alphabetically according to field name.
After running a search, what effect does clicking and dragging across the timeline have?
A.
Executes a new search.
B.
Filters current search results.
C.
Moves to past or future events.
D.
Expands the time range of the search.
Which command is used to review the contents of a specified static lookup file?
A.
lookup
B.
csvlookup
C.
inputlookup
D.
outputlookup
Which time range picker configuration would return real-time events for the past 30 seconds?
A.
Preset - Relative: 30-seconds ago
B.
Relative - Earliest: 30-seconds ago, Latest: Now
C.
Real-time - Earliest: 30-seconds ago, Latest: Now
D.
Advanced - Earliest: 30-seconds ago, Latest: Now
What is one benefit of creating dashboard panels from reports?
A.
Any newly created dashboard will include that report.
B.
There are no benefits to creating dashboard panels from reports.
C.
It makes the dashboard more efficient because it only has to run one search string.
D.
Any change to the underlying report will affect every dashboard that utilizes that report.
Which of the following statements about case sensitivity is true?
A.
Both field names and field values ARE case sensitive.
B.
Field names ARE case sensitive; field values are NOT.
C.
Field values ARE case sensitive; field names ARE NOT.
D.
Both field names and field values ARE NOT case sensitive.
What does the rare command do?
A.
Returns the least common field values of a given field in the results.
B.
Returns the most common field values of a given field in the results.
C.
Returns the top 10 field values of a given field in the results.
D.
Returns the lowest 10 field values of a given field in the results.
Which Boolean operator is always implied between two search terms, unless otherwise specified?
A.
OR
B.
NOT
C.
AND
D.
XOR
What does the values function of the stats command do?
A.
Lists all values of a given field.
B.
Lists unique values of a given field.
C.
Returns a count of unique values for a given field.
D.
Returns the number of events that match the search.
A field exists in search results, but isn’t being displayed in the fields sidebar. How can it be added to the fields sidebar?
A.
Click All Fields and select the field to add it to Selected Fields.
B.
Click Interesting Fields and select the field to add it to Selected Fields.
C.
Click Selected Fields and select the field to add it to Interesting Fields.
D.
This scenario isn’t possible because all fields returned from a search always appear in the fields sidebar.
In the fields sidebar, which character denotes alphanumeric field values?
A.
#
B.
%
C.
a
D.
a#
Which of the following searches will return results where fail, 400, and error exist in every event?
A.
error AND (fail AND 400)
B.
error OR (fail and 400)
C.
error AND (fail OR 400)
D.
error OR fail OR 400