
100+ Free Splunk O11y Cloud Certified Metrics User Practice Questions

Pass your Splunk O11y Cloud Certified Metrics User (SPLK-4001) exam on the first try — instant access, no signup required.

2026 Statistics

Key Facts: Splunk O11y Cloud Certified Metrics User Exam

  • Official Questions: 54 (source: Splunk exam page)
  • Time Limit: 60 min (source: Splunk exam page)
  • Exam Fee: $130 (source: Splunk / Pearson VUE)
  • Domain Areas: 8 (source: Official blueprint)
  • Scoring: Pass/Fail (Splunk does not publish exact cut score)
  • Exam Provider: Pearson VUE (source: Splunk official exam page)

SPLK-4001 is a 54-question, 60-minute Pearson VUE exam covering eight domain areas: OpenTelemetry ingest (10%), Metrics Concepts (15%), Monitor Using Built-in Content (10%), Visualizing Metrics (15%), Alerting with Detectors (10%), Efficient Dashboards and Alerts (10%), Analytics (15%), and Detectors for Common Use Cases (15%). Splunk reports the result as pass or fail and does not publish an exact cut score. The exam targets observability engineers and SREs working with Splunk Observability Cloud Infrastructure Monitoring, the Splunk Distribution of OpenTelemetry Collector, and SignalFlow.

Sample Splunk O11y Cloud Certified Metrics User Practice Questions

Try these sample questions to test your Splunk O11y Cloud Certified Metrics User exam readiness. Each question includes a detailed explanation.

1. On a Linux host, which deployment artifact does Splunk recommend for installing the Splunk Distribution of OpenTelemetry Collector?
A. Manual download of upstream OpenTelemetry binaries from GitHub
B. The Splunk-provided installer script that pulls the deb or rpm package
C. A Helm chart pushed to the host kubelet
D. A Docker image built from upstream OpenTelemetry source
Explanation: Splunk publishes a one-line installer script that downloads the appropriate deb or rpm package, drops the systemd unit, and writes the default agent configuration with the realm and access token supplied as arguments. Helm is for Kubernetes, not single Linux hosts.

2. Which two values are required by the Splunk OpenTelemetry Collector Linux installer to send data to the correct Observability Cloud organization?
A. Username and password
B. Realm and access token
C. Org ID and API key
D. Tenant ID and client secret
Explanation: The installer needs the realm (e.g., us0, us1, eu0) so the agent connects to the right ingest endpoint and an access token tied to the org for authentication. Splunk Observability Cloud does not use username/password for ingest.

3. After editing the OpenTelemetry Collector YAML on a Linux host, which step makes the changes take effect?
A. Run `otelcol reload` from any directory
B. Restart the splunk-otel-collector systemd service
C. Send a SIGHUP to the kernel
D. Re-run the installer script
Explanation: Configuration files are read at process start, so a `systemctl restart splunk-otel-collector` is the supported way to load changes. There is no `otelcol reload` command in the Splunk distribution and re-running the installer is unnecessary.

4. Which OpenTelemetry Collector pipeline component is responsible for accepting data from telemetry sources?
A. Exporter
B. Processor
C. Receiver
D. Extension
Explanation: Receivers ingest data into the Collector (otlp, prometheus, hostmetrics, etc.). Processors transform telemetry in flight, exporters send it out, and extensions provide auxiliary capabilities like health_check and zpages.

5. Which OpenTelemetry Collector receiver collects CPU, memory, disk, network, and load metrics from the host operating system?
A. otlp
B. hostmetrics
C. prometheus
D. filelog
Explanation: The hostmetrics receiver scrapes operating system level metrics from the local host. otlp receives OTLP-formatted telemetry, prometheus scrapes Prometheus endpoints, and filelog tails log files.

6. Which exporter in the Splunk Distribution of OpenTelemetry Collector sends metrics to Splunk Observability Cloud?
A. splunk_hec
B. signalfx
C. logging
D. otlphttp
Explanation: The signalfx exporter forwards metrics, events, and trace correlation data to the Splunk Observability Cloud (formerly SignalFx) ingest. splunk_hec is for sending logs and traces to Splunk Enterprise/Cloud via HEC, not metrics to Observability Cloud.

7. An OpenTelemetry Collector is dropping metrics under load and reporting that its memory limit was exceeded. Which processor should you add or tune to back-pressure incoming data BEFORE the Collector runs out of memory?
A. batch
B. memory_limiter
C. attributes
D. resourcedetection
Explanation: The memory_limiter processor monitors heap usage and refuses new data when configured soft and hard thresholds are crossed, protecting the Collector. batch only groups telemetry for export efficiency and does not enforce memory limits.

8. Which OpenTelemetry Collector processor automatically adds dimensions like host.name, cloud.provider, and cloud.region to telemetry from the underlying environment?
A. attributes
B. filter
C. resourcedetection
D. transform
Explanation: The resourcedetection processor calls cloud and system detectors (ec2, gce, azure, system) and stamps resource attributes on outgoing telemetry. attributes only edits attributes you specify by key.

9. An engineer needs to verify that a newly installed OpenTelemetry Collector is reaching the Splunk Observability Cloud ingest. Which built-in extension exposes a health endpoint they can curl from the host?
A. pprof
B. zpages
C. health_check
D. memory_ballast
Explanation: The health_check extension publishes an HTTP endpoint that returns 200 OK when pipelines are running. zpages exposes diagnostic web pages, pprof is for profiling, and memory_ballast pre-allocates heap.

10. After installing the Splunk OpenTelemetry Collector on a Linux host, no host metrics appear in Splunk Observability Cloud and the agent log shows repeated 401 errors from the signalfx exporter. What is the MOST likely cause?
A. The hostmetrics receiver is misconfigured
B. The access token is invalid for the configured realm
C. The batch processor timeout is too low
D. The host firewall is blocking ICMP
Explanation: 401 from the signalfx exporter is an authentication failure: the access token is wrong, has been revoked, or does not belong to the realm the Collector is shipping to. Receiver and processor problems show up as different error patterns, and ICMP is irrelevant to HTTPS ingest.

About the Splunk O11y Cloud Certified Metrics User Exam

The Splunk O11y Cloud Certified Metrics User (SPLK-4001) exam validates the ability to operate Splunk Observability Cloud Infrastructure Monitoring at a working level. It covers OpenTelemetry Collector deployment, the Splunk Infrastructure Monitoring data model (datapoints, MTS, dimensions, properties, tags), built-in navigators and dashboards, chart and dashboard creation, SignalFlow analytics, and detector design for common monitoring use cases.

  • Assessment: 54 multiple-choice questions
  • Time Limit: 60 minutes
  • Passing Score: Pass/Fail (exact cut score not published by Splunk)
  • Exam Fee: $130 USD (Splunk / Pearson VUE)

Splunk O11y Cloud Certified Metrics User Exam Content Outline

Get Metrics In with OpenTelemetry (10%)

Deploy the Splunk Distribution of OpenTelemetry Collector on Linux, supply realm and access token, edit YAML for receivers (otlp, hostmetrics, prometheus), processors (batch, memory_limiter, resourcedetection), and the signalfx exporter, and troubleshoot common ingest errors such as 401 from the exporter and memory_limiter dropping data.

Metrics Concepts (15%)

Master the Splunk Infrastructure Monitoring data model. A datapoint is metric name plus value plus timestamp. An MTS is uniquely identified by metric name and the full set of dimension key/value pairs. Differentiate metric types (gauge, counter, cumulative counter), rollups (mean for gauges, rate for counters), and metadata (dimensions vs. properties vs. tags).

Monitor Using Built-in Content (10%)

Use built-in navigators (Hosts, Kubernetes, AWS EC2, Azure VMs), the Kubernetes Cluster Map and Cluster Analyzer, built-in dashboards, and AutoDetect for hosts, k8s, and services. Subscribe to detectors for notifications without altering the detector definition.

Introduction to Visualizing Metrics (15%)

Create charts and dashboards. Pick chart types (Line, Area, Column, Heatmap, Bar, Single Value, List, Gauge), use plots and formula plots, configure linear vs. logarithmic y-axis, search for metrics, and reuse with dashboard variables and mirrors.

Introduction to Alerting on Metrics with Detectors (10%)

Create detectors from charts, clone existing detectors, build standalone detectors, and apply muting rules. Author detect() and when() rules with severity levels Info, Warning, Minor, Major, and Critical.

Create Efficient Dashboards and Alerts (10%)

Use note widgets, dashboard variables and mirrors, dashboard-level dimension filters, the events overlay, runbook URLs in detector rules, and per-severity recipients to keep dashboards consistent and alerts actionable for on-call teams.

Finding Insights Using Analytics (15%)

Apply SignalFlow analytics: data(), publish(), filter(), .mean()/.sum()/.count()/.percentile()/.top()/.bottom(), .scale(), .timeshift(), rolling windows with over=, formula plots for ratios, period-over-period comparisons, and rate-of-change.

Detectors for Common Use Cases (15%)

Pick the right detector type (static threshold, sudden change, historical anomaly, population comparison) for each workload. Handle ephemeral pods and missing data, prevent flapping with duration requirements, group with by= dimensions for per-entity alerts, and combine conditions in when() for compound rules.

How to Pass the Splunk O11y Cloud Certified Metrics User Exam

What You Need to Know

  • Passing score: Pass/Fail (exact cut score not published by Splunk)
  • Assessment: 54 multiple-choice questions
  • Time limit: 60 minutes
  • Exam fee: $130 USD

Keys to Passing

  • Complete 500+ practice questions
  • Score 80%+ consistently before scheduling
  • Focus on highest-weighted sections
  • Use our AI tutor for tough concepts

Splunk O11y Cloud Certified Metrics User Study Tips from Top Performers

1. Spend a balanced amount of time on each of the eight domains; no single area dominates the blueprint.
2. Build muscle memory in the OpenTelemetry Collector YAML: receivers, processors (batch, memory_limiter, resourcedetection), and the signalfx exporter.
3. Master the metric data model: datapoint vs. MTS, dimensions vs. properties vs. tags, and which rollup applies to gauges vs. counters.
4. Practice SignalFlow primitives in the chart editor: data(), filter(), publish(), .mean(by=...), .percentile(), .timeshift(), and formula plots for ratios.
5. Compare detector types side by side (static threshold, sudden change, historical anomaly, population comparison) and know when each is the right pick.
6. Spend lab time on detector tuning: duration to prevent flapping, missing-data handling for ephemeral pods, by-dimension grouping for per-entity alerts.

Frequently Asked Questions

How many questions are on the Splunk SPLK-4001 exam?

Splunk's official exam page lists 54 multiple-choice questions for the Splunk O11y Cloud Certified Metrics User exam, with a 60-minute time limit.

What is the passing score for SPLK-4001?

Splunk reports the result as pass or fail and does not publish an exact numeric cut score. The practical study target is balanced competence across all eight domains rather than chasing a specific percentage.

Which domains does the SPLK-4001 cover?

Eight domains: OpenTelemetry ingest (10%), Metrics Concepts (15%), Monitor Using Built-in Content (10%), Visualizing Metrics (15%), Alerting with Detectors (10%), Efficient Dashboards and Alerts (10%), Analytics (15%), and Detectors for Common Use Cases (15%).

Is there a prerequisite for SPLK-4001?

Splunk does not require a prerequisite exam. Practical familiarity with Splunk Observability Cloud Infrastructure Monitoring, the OpenTelemetry Collector, and basic SignalFlow is strongly recommended.

How long should I study for SPLK-4001?

Most observability engineers and SREs need 30 to 50 hours combining Splunk's official learning paths, hands-on lab time in Observability Cloud, and timed practice question sets across all eight domains.

How much does the SPLK-4001 exam cost?

Splunk lists the exam fee as 130 USD per attempt, scheduled through Pearson VUE. Confirm current pricing for your region in the Splunk certification candidate handbook before scheduling.