Home

Home / Splunk / SPLK-1002

Question list

List of questions

Question 1

(0)

A field alias has been created based on an original field. A search without any transforming commands is then executed in Smart Mode. Which field name appears in the results?

Question 2

(0)

When performing a regular expression (regex) field extraction using the Field Extractor (FX), what happens when the require option is used?

Question 3

(0)

Which group of users would most likely use pivots?

Question 4

(0)

When using timechart, how many fields can be listed after a by clause?

Question 5

(0)

What is the correct syntax to search for a tag associated with a value on a specific fields?

Question 6

(0)

What functionality does the Splunk Common Information Model (CIM) rely on to normalize fields with different names?

Question 7

(0)

When should you use the transaction command instead of the scats command?

Question 8

(0)

Which of the following statements describes field aliases?

Question 9

(0)

What is the correct way to name a macro with two arguments?

Question 10

(0)

When using a field value variable with a Workflow Action, which punctuation mark will escape the data

Open VPLUS File

Convert VPLUS to PDF

Related questions

Which tool uses data models to generate reports and dashboard panels without using SPL?

Which syntax is used to represent an argument in a macro definition?

Which are valid ways to create an event type? (select all that apply)

What are the two parts of a root event dataset?

A Splunk app is configured to extract domain names in web service logs and specify them as a field named domain. What workflow action would return an external IP lookup for the field named domain?

If there are fields in the data with values that are ' ' or empty but not null, which of the following would add a value?

The fields sidebar does not show________. (Select all that apply.)

Which delimiters can the Field Extractor (FX) detect? (select all that apply)

What is required for a macro to accept three arguments?

When using timechart, how many fields can be listed after a by clause?

Question 201 - SPLK-1002 discussion

Report

Which of the following examples would use a POST workflow action?

A.

Perform an external IP lookup based on a domain value found in events.

B.

Use the field values in an HTTP error event to create a new ticket in an external system.

C.

Launch secondary Splunk searches that use one or more field values from selected events.

D.

Open a web browser to look up an HTTP status code.

Suggested answer: B

Explanation:

The correct answer is B. Use the field values in an HTTP error event to create a new ticket in an external system.

A workflow action is a knowledge object that enables a variety of interactions between fields in events and other web resources. Workflow actions can create HTML links, generate HTTP POST requests, or launch secondary searches based on field values1.

There are three types of workflow actions that can be set up using Splunk Web: GET, POST, and Search2.

GET workflow actions create typical HTML links to do things like perform Google searches on specific values or run domain name queries against external WHOIS databases2.

POST workflow actions generate an HTTP POST request to a specified URI. This action type enables you to do things like creating entries in external issue management systems using a set of relevant field values2.

Search workflow actions launch secondary searches that use specific field values from an event, such as a search that looks for the occurrence of specific combinations of ipaddress and http_status field values in your index over a specific time range2.

Therefore, the example that would use a POST workflow action is B. Use the field values in an HTTP error event to create a new ticket in an external system. This example requires sending an HTTP POST request to the URI of the external system with the field values from the event as arguments.

The other examples would use different types of workflow actions. These examples are:

A) Perform an external IP lookup based on a domain value found in events: This example would use a GET workflow action to create a link to an external IP lookup service with the domain value as a parameter.

C) Launch secondary Splunk searches that use one or more field values from selected events: This example would use a Search workflow action to run another Splunk search with the field values from the event as search terms.

D) Open a web browser to look up an HTTP status code: This example would also use a GET workflow action to create a link to a web page that explains the meaning of the HTTP status code.

Splexicon:Workflowaction

About workflow actions in Splunk Web

Show Answer

asked 23/09/2024

Selladurai Ravi

42 questions

User

Your answer: A B C D

0 comments

Sorted by

Leave a comment first