Home / Splunk / SPLK-1002

Question list

List of questions

Question 1

(0)

A field alias has been created based on an original field. A search without any transforming commands is then executed in Smart Mode. Which field name appears in the results?

Question 2

(0)

When performing a regular expression (regex) field extraction using the Field Extractor (FX), what happens when the require option is used?

Question 3

(0)

Which group of users would most likely use pivots?

Question 4

(0)

When using timechart, how many fields can be listed after a by clause?

Question 5

(0)

What is the correct syntax to search for a tag associated with a value on a specific fields?

Question 6

(0)

What functionality does the Splunk Common Information Model (CIM) rely on to normalize fields with different names?

Question 7

(0)

When should you use the transaction command instead of the scats command?

Question 8

(0)

Which of the following statements describes field aliases?

Question 9

(0)

What is the correct way to name a macro with two arguments?

Question 10

(0)

When using a field value variable with a Workflow Action, which punctuation mark will escape the data

Question 228 - SPLK-1002 discussion

Consider the the following search run over a time range of last 7 days:

index=web sourcetype=access_conbined | timechart avg(bytes) by product_nane

Which option is used to change the default time span so that results are grouped into 12 hour intervals?

span=12h

timespan=12h

span=12

timespan=12

Show Answer

asked 23/09/2024

saiming wong

37 questions

Your answer: A B C D

0 comments

Sorted by