Top Quality Splunk SPLK-1002 Training Online

It is impossible to pass the Splunk SPLK-1002 exam without any help in the short term. Come to Passleader soon and find the most advanced, correct and guaranteed Splunk SPLK-1002 practice questions. You will get a surprising result with our far-out Splunk Core Certified Power User Exam practice guides.

We also have free SPLK-1002 dumps questions for you:

NEW QUESTION 1

Which one of the following statements about the search command is true?

  • A. It does not allow the use of wildcards.
  • B. It treats field values in a case-sensitive manner.
  • C. It can only be used at the beginning of the search pipeline.
  • D. It behaves exactly like search strings before the first pipe.

Answer: C

NEW QUESTION 2

When multiple event types with different color values are assigned to the same event, what determines the color displayed for the events?

  • A. Rank
  • B. Weight
  • C. Priority
  • D. Precedence

Answer: C

NEW QUESTION 3

Which of the following statements describe calculated fields? (select all that apply)

  • A. Calculated fields can be used in the search bar.
  • B. Calculated fields can be based on an extracted field.
  • C. Calculated fields can only be applied to host and sourcetype.
  • D. Calculated fields are shortcuts for performing calculations using the eval command.

Answer: BD

NEW QUESTION 4

Using the export function, you can export search results as _______. (Select all that apply)

  • A. Xml
  • B. Json
  • C. Html
  • D. A php file

Answer: AB

NEW QUESTION 5

What does the fillnull command replace null values with, if the value argument is not specified?

  • A. N/A
  • B. NaN
  • C. NULL

Answer: A

NEW QUESTION 6

What is the relationship between data models and pivots?

  • A. Data models provide the datasets for pivots.
  • B. Pivots and data models have no relationship.
  • C. Pivots and data models are the same thing.
  • D. Pivots provide the datasets for data models.

Answer: D

NEW QUESTION 7

A field alias has been created based on an original field. A search without any transforming commands is then executed in Smart Mode. Which field name appears in the results?

  • A. Both will appear in the All Fields list, but only if the alias is specified in the search.
  • B. Both will appear in the Interesting Fields list, but only if they appear in at least 20 percent of events.
  • C. The original field only appears in All Fields list and the alias only appears in the Interesting Fields list.
  • D. The alias only appears in the All Fields list and the original field only appears in the Interesting Fields list.

Answer: B

NEW QUESTION 8

Which of the following statements describe the Common Information Model (CIM)? (select all that apply)

  • A. CIM is a methodology for normalizing data.
  • B. CIM can correlate data from different sources.
  • C. The Knowledge Manager uses the CIM to create knowledge objects.
  • D. CIM is an app that can coexist with other apps on a single Splunk deployment.

Answer: AC

NEW QUESTION 9

Which of the following describes the Splunk Common Information Model (CIM) add-on?

  • A. The CIM add-on uses machine learning to normalize data.
  • B. The CIM add-on contains dashboards that show how to map data.
  • C. The CIM add-on contains data models to help you normalize data.
  • D. The CIM add-on is automatically installed in a Splunk environment.

Answer: C

NEW QUESTION 10

When creating a Search workflow action, which field is required?

  • A. Search string
  • B. Data model name
  • C. Permission setting
  • D. An eval statement

Answer: A

NEW QUESTION 11

Which delimiters can the Field Extractor (FX) detect? (select all that apply)

  • A. Tabs
  • B. Pipes
  • C. Spaces
  • D. Commas

Answer: ABCD

NEW QUESTION 12

In what order are the following knowledge objects/configurations applied?

  • A. Field Aliases, Field Extractions, Lookups
  • B. Field Extractions, Field Aliases, Lookups
  • C. Field Extractions, Lookups, Field Aliases
  • D. Lookups, Field Aliases, Field Extractions

Answer: B

NEW QUESTION 13

What does the Splunk Common Information Model (CIM) add-on include? (select all that apply)

  • A. Custom visualizations
  • B. Pre-configured data models
  • C. Fields and event category tags
  • D. Automatic data model acceleration

Answer: AC

NEW QUESTION 14

A space is an implied _____ in a search string.

  • A. OR
  • B. AND
  • C. ()
  • D. NOT

Answer: B

NEW QUESTION 15

We can use the rename command to ______ (Select all that apply.)

  • A. Change indexed fields
  • B. Exclude fields from our search results
  • C. Extract new fields from our data using regular expressions
  • D. Give a field a new name at search time

Answer: D

NEW QUESTION 16

Which of the following statements describe the search string below?
| datamodel Application_State All_Application_State search

  • A. Events will be returned from dataset named Application_state.
  • B. Events will be returned from the data model named Application_State.
  • C. Events will be returned from the data model named All_Application_state.
  • D. No events will be returned because the pipe should occur after the datamodel command.

Answer: C

NEW QUESTION 17

What do events in a transaction have in common?

  • A. All events in a transaction must have the same timestamp.
  • B. All events in a transaction must have the same sourcetype.
  • C. All events in a transaction must have the exact same set of fields.
  • D. All events in a transaction must be related by one or more fields.

Answer: B

NEW QUESTION 18

Which of the following searches show a valid use of macro? (Select all that apply)
SPLK-1002 dumps exhibit

  • A. Option A
  • B. Option B
  • C. Option C
  • D. Option D

Answer: AC

NEW QUESTION 19

Which of the following are valid options with the chart command?

  • A. useother
  • B. usenull
  • C. fillfield
  • D. usefiled

Answer: AB

NEW QUESTION 20

What does the following search do?
SPLK-1002 dumps exhibit

  • A. Creates a table of the total count of users and split by corndogs.
  • B. Creates a table of the total count of mysterymeat corndogs split by user.
  • C. Creates a table with the count of all types of corndogs eaten split by user.
  • D. Creates a table that groups the total number of users by vegetarian corndogs.

Answer: A

NEW QUESTION 21

Which of the following knowledge objects represents the output of an eval expression?

  • A. Eval fields
  • B. Calculated fields
  • C. Field extractions
  • D. Calculated lookups

Answer: C
