Splunk Fundamentals 1 Practice Exam 2025 – 400 Free Practice Questions to Pass the Exam

The appropriate choice for creating lookups with data from external SQL databases is Splunk DB Connect. This app is specifically designed for the integration and management of data sourced from relational databases. It allows users to connect to SQL databases and perform various operations, including importing data, executing SQL queries, and creating lookups that can be used in Splunk searches or dashboards.

Splunk DB Connect offers functionalities that make it easier to extract and manipulate data from external databases, enabling seamless integration with Splunk's searching and visualization capabilities. This means that users can enrich their Splunk data with external information, enhancing the insights they gain from their logs and events.

The other options serve different purposes: Splunk Enterprise is the core platform that provides the Splunk framework but does not inherently manage SQL database connections. The Splunk Search app is primarily used for conducting searches and exploring data already indexed in Splunk rather than creating lookups from external data sources. Splunk IT Service Intelligence is focused on IT operational data management and monitoring and does not specifically deal with creating lookups from external SQL databases.