Calculated fields can be based on which of the following?

Fields generated from a search string

Based on the macro definition shown below, what is the correct way to execute the macro in a search string?

Convert_sales ($euro, $$,S,79$)

Which of the following statements describes the command below (select all that apply)Sourcetype=access_combined | transaction JSESSIONID

An additional field named duration is created.

An additional field named eventcount is created.

Events with the same JSESSIONID will be grouped together into a single event.

An additional filed named maxspan is created.

An additional field named duration is created.

An additional field named eventcount is created.

Events with the same JSESSIONID will be grouped together into a single event.

Which of the following statements about tags is true?

Tags can make your data more understandable.

Tags are created at index time.

Tags can make your data more understandable.

Tags are searched by using the syntax tag: : <fieldneme>

Which of the following statements about data models and pivot are true? (select all that apply)

Pivot allows the creation of data visualizations that present different aspects of a data model.

They are both knowledge objects.

Data models are created out of datasets called pivots.

Pivot requires users to input SPL searches on data models.

Pivot allows the creation of data visualizations that present different aspects of a data model.

Which of the following describes the Splunk Common Information Model (CIM) add-on?

The CIM add-on contains data models to help you normalize data.

The CIM add-on uses machine learning to normalize data.

The CIM add-on contains dashboards that show how to map data.

The CIM add-on contains data models to help you normalize data.

The CIM add-on is automatically installed in a Splunk environment.

What does the transaction command do?

Creates a single event from a group of events.

Groups a set of transactions based on time.

Creates a single event from a group of events.

Separates two events based on one or more values.

Returns the number of credit card transactions found in the event logs.

Which of the following statements describe data model acceleration? (select all that apply)

Accelerated data models cannot be edited.

Private data models cannot be accelerated.

You must have administrative permissions or the accelerate_dacamodel capability to accelerate a data model.

Root events cannot be accelerated.

Accelerated data models cannot be edited.

Private data models cannot be accelerated.

You must have administrative permissions or the accelerate_dacamodel capability to accelerate a data model.

A user wants to convert numeric field values to strings and also to sort on those values.Which command should be used first, the eval or the sort?

Use sort first, then convert the numeric to a string with eval.

It doesn't matter whether eval or sort is used first.

Convert the numeric to a string with eval first, then sort.

Use sort first, then convert the numeric to a string with eval.

You cannot use the sort command and the eval command on the same field.

The Field Extractor (FX) is used to extract a custom field. A report can be created using this custom field. The created report can then be shared with other people in the organization. If another person in the organization runs the shared report and no results are returned, why might this be? (select all that apply)

The person in the organization running the report does not have access to the index.

Which one of the following statements about the search command is true?

It behaves exactly like search strings before the first pipe.

It does not allow the use of wildcards.

It treats field values in a case-sensitive manner.

It can only be used at the beginning of the search pipeline.

It behaves exactly like search strings before the first pipe.

What does the Splunk Common Information Model (CIM) add-on include? (select all that apply)

Automatic data model acceleration

Which of the following statements describes macros?

A macro Is a reusable search string that may have a flexible time range.

A macro is a reusable search string that must contain the full search.

A macro is a reusable search string that must have a fixed time range.

A macro Is a reusable search string that may have a flexible time range.

A macro Is a reusable search string that must contain only a portion of the search.

Which of the following statements describe calculated fields? (select all that apply)

Calculated fields can be used in the search bar.

Calculated fields can be based on an extracted field.

Calculated fields are shortcuts for performing calculations using the eval command.

Calculated fields can be used in the search bar.

Calculated fields can be based on an extracted field.

Calculated fields can only be applied to host and sourcetype.

Calculated fields are shortcuts for performing calculations using the eval command.

Which of the following statements is true, especially in large environments?

The stats command is faster and more efficient than the transaction command

Use the scats command when you next to group events by two or more fields.

The stats command is faster and more efficient than the transaction command

The transaction command is faster and more efficient than the stats command.

Use the transaction command when you want to see the results of a calculation.

Which of the following are required to create a POST workflow action?

URI, search string, time range picker.

Which of the following statements describe the search below? (select all that apply)Index=main I transaction clientip host maxspan=30s maxpause=5s

Events in the transaction occurred within 5 seconds.

It groups events that share the same clientip and host.

The first and last events are no more than 30 seconds apart.

Events in the transaction occurred within 5 seconds.

It groups events that share the same clientip and host.

The first and last events are no more than 5 seconds apart.

The first and last events are no more than 30 seconds apart.

Given the macro definition below, what should be entered into the Name and Arguments fileds to correctly configured the macro?

The macro name is sessiontracker(2) and the arguments are action, JESSIONID.

The macro name is sessiontracker and the arguments are action, JESSIONID.

The macro name is sessiontracker(2) and the arguments are action, JESSIONID.

The macro name is sessiontracker and the arguments are $action$, $JESSIONID$.

The macro name is sessiontracker(2) and the Arguments are $action$, $JESSIONID$.

After manually editing; a regular expression (regex), which of the following statements is true?

It is no longer possible to edit the field extraction in the Field Extractor (FX) UI.

Changes made manually can be reverted in the Field Extractor (FX) UI.

It is no longer possible to edit the field extraction in the Field Extractor (FX) UI.

It is not possible to manually edit a regular expression (regex) that was created using the Field Extractor (FX) UI.

The Field Extractor (FX) UI keeps its own version of the field extraction in addition to the one that was manually edited.

To identify all of the contributing events within a transaction that contains at least one REJECT event, which syntax is correct?

Index-main | transaction sessionid | search REJECT

Index-main | REJECT trans sessionid

Index-main | transaction sessionid | search REJECT

Index=main | transaction sessionid | whose transaction=reject

Index=main | transaction sessionid | where transaction=reject''

Which of the following actions can the eval command perform?

Create or replace an existing field.

Group transactions by one or more fields.

Save SPL commands to be reused in other searches.

Which of the following statements describe the Common Information Model (CIM)? (select all that apply)

CIM is a methodology for normalizing data.

CIM can correlate data from different sources.

The Knowledge Manager uses the CIM to create knowledge objects.

CIM is a methodology for normalizing data.

CIM can correlate data from different sources.

The Knowledge Manager uses the CIM to create knowledge objects.

CIM is an app that can coexist with other apps on a single Splunk deployment.

Data model fields can be added using the Auto-Extracted method. Which of the following statements describe Auto-Extracted fields? (select all that apply)

Auto-Extracted fields can be hidden in Pivot.

Auto-Extracted fields can have their data type changed.

Auto-Extracted fields can be given a friendly name for use in Pivot.

Auto-Extracted fields can be added if they already exist in the dataset with constraints.

Auto-Extracted fields can be hidden in Pivot.

Auto-Extracted fields can have their data type changed.

Auto-Extracted fields can be given a friendly name for use in Pivot.

Auto-Extracted fields can be added if they already exist in the dataset with constraints.

Which of the following search control will not re-rerun the search? (Select all that apply.)

selecting a bar on the timeline

selecting a range of bars on the timelines

selecting a bar on the timeline

selecting a range of bars on the timelines

The time range specified for a historical search defines the ____________ .------questionable on ans

Amount of data fetched from index matching that time range

Amount of data shown on the timeline as data streams in

Amount of data fetched from index matching that time range

Time range for the static results

Splunk SPLK-1002 Practice Test 2 - Free Online Exam Prep & Questions

Question 1 / 40

Which of the following statements describes this search?

sourcetype=access_combined I transaction JSESSIONID | timechart avg (duration)

This is a valid search and will display a timechart of the average duration, of each transaction event.

This is a valid search and will display a stats table showing the maximum pause among transactions.

No results will be returned because the transaction command must include the startswith and endswith options.

No results will be returned because the transaction command must be the last command used in the search pipeline.

Comment (0)

Splunk SPLK-1002 Practice Test 2

Question

Splunk SPLK-1002 Practice Tests

Practice Tests