Which of the following statements are true for this search? (Select all that apply.) SEARCH: sourcetype=access* |fields action productld status

limits the fields are extracted

is looking for all events that include the search terms: fields AND action AND productld AND status

users the table command to improve performance

limits the fields are extracted

Use the dedup command to _____.

provide an additional alias for the field that can D.be used in the search criteria

We can use the rename command to _____ (Select all that apply.)

Give a field a new name at search time

Exclude fields from our search results

Extract new fields from our data using regular expressions

Give a field a new name at search time

Which of the following commands will show the maximum bytes?

sourcetype=access_* | stats max(bytes)

sourcetype=access_* | maximum totals by bytes

sourcetype=access_* | avg (bytes)

sourcetype=access_* | stats max(bytes)

sourcetype=access_* | max(bytes)

Which of the following searches will show the number of categoryld used by each host?

Sourcetype=access_* |stats sum(categorylD. by host

Sourcetype=access_* |sum bytes by host

Sourcetype=access_* |stats sum(categorylD. by host

Sourcetype=access_* |sum(bytes) by host

Sourcetype=access_* |stats sum by host

Clicking a SEGMENT on a chart, ________.

adds the highlighted value to the search criteria

highlights the field value across the chart

adds the highlighted value to the search criteria

The timechart command buckets data in time intervals depending on:

the type of visualization selected

Which of these search strings is NOT valid:

index=web status=50* | chart count over host, status

index=web status=50* | chart count over host by status

index=web status=50* | chart count by host, status

allows you to set colored ranges for a single-value visualization

creates a single-value visualization

allows you to set colored ranges for a single-value visualization

creates a radial gauge visualization

What will you learn from the results of the following search?sourcetype=cisco_esa | transaction mid, dcid, icid | timechart avg(duration)

The average time elapsed during each transaction for all transactions

The average time for each event within each transaction

The average time between each transaction

Splunk SPLK-1002 Practice Test 3 - Free Online Exam Prep & Questions

Question 1 / 40

Splunk alerts can be based on search that run______. (Select all that apply.)

in real-time

on a regular schedule

and have no matching events

Comment (0)

Suggested answer: A, B

Explanation:

Splunk alerts can be based on searches that run in real-time or on a regular schedule3.An alert is a way to monitor your data and get notified when certain conditions are met3.You can create an alert by specifying a search and a triggering condition3.You can also specify how often you want to run the search and how you want to receive the alert notifications3.You can run the alert search in real-time, which means that it continuously monitors your data as it streams into Splunk3.Alternatively, you can run the alert search on a regular schedule, which means that it runs at fixed intervals such as every hour or every day3. Therefore, options A and B are correct, while option C is incorrect because it is not a way to run an alert search.

asked 23/09/2024

EDDIE LIN

49 questions

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40

Splunk SPLK-1002 Practice Test 3

Question

Splunk SPLK-1002 Practice Tests

Practice Tests