Splunk Exam SPLK-1005 Topic 4 Question 17 Discussion

Actual exam question for Splunk's SPLK-1005 exam

Question #: 17
Topic #: 4

[All SPLK-1005 Questions]

Which of the following is an accurate statement about the delete command?

AThe delete command removes events from disk.

BBy default, only admins can run the delete command.

CEvents are virtually deleted by marking them as deleted.

DDeleting events reclaims disk space.

Show Suggested Answer

Suggested Answer: C

The delete command in Splunk does not remove events from disk but rather marks them as 'deleted' in the index. This means the events are not accessible via searches, but they still occupy space on disk. Only users with the can_delete capability (typically admins) can use the delete command.

Splunk Documentation Reference: Delete Command

by Roosevelt at Jul 05, 2025, 02:29 AM

Limited Time Offer

25%

Off

Get Premium SPLK-1005 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Shawn

20 hours ago

I think the answer is C) Events are virtually deleted by marking them as deleted.

upvoted 0 times

...

Margot

13 days ago

I think C is the correct answer. Events are virtually deleted, not physically removed from disk.

upvoted 0 times

...