ExamGecko
Search Search Login
Home Home / Splunk / SPLK-1002

Splunk SPLK-1002 Practice Test - Questions Answers, Page 12

Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which tool uses data models to generate reports and dashboard panels without using SPL?
Which syntax is used to represent an argument in a macro definition?
Which are valid ways to create an event type? (select all that apply)
What are the two parts of a root event dataset?
A Splunk app is configured to extract domain names in web service logs and specify them as a field named domain. What workflow action would return an external IP lookup for the field named domain?
If there are fields in the data with values that are ' ' or empty but not null, which of the following would add a value?
The fields sidebar does not show________. (Select all that apply.)
Which delimiters can the Field Extractor (FX) detect? (select all that apply)
What is required for a macro to accept three arguments?
When using timechart, how many fields can be listed after a by clause?

Question 111

Report
Export
Collapse

Which command is used to create choropleth maps?

A.
geostats
A.
geostats
Answers
B.
cluster
B.
cluster
Answers
C.
geom
C.
geom
Answers
Suggested answer: C

Question 112

Report
Export
Collapse

which of the following are valid options with the chart command

A.
useother
A.
useother
Answers
B.
usenull
B.
usenull
Answers
C.
fillfield
C.
fillfield
Answers
D.
usefiled
D.
usefiled
Answers
Suggested answer: A, B

Question 113

Report
Export
Collapse

The gauge command:

A.
creates a single-value visualization
A.
creates a single-value visualization
Answers
B.
allows you to set colored ranges for a single-value visualization
B.
allows you to set colored ranges for a single-value visualization
Answers
C.
creates a radial gauge visualization
C.
creates a radial gauge visualization
Answers
Suggested answer: B

Question 114

Report
Export
Collapse

What will you learn from the results of the following search?

sourcetype=cisco_esa | transaction mid, dcid, icid | timechart avg(duration)

A.
The average time elapsed during each transaction for all transactions
A.
The average time elapsed during each transaction for all transactions
Answers
B.
The average time for each event within each transaction
B.
The average time for each event within each transaction
Answers
C.
The average time between each transaction
C.
The average time between each transaction
Answers
Suggested answer: A

Question 115

Report
Export
Collapse

Which of these is NOT a field that is automatically created with the transaction command?

A.
maxcount
A.
maxcount
Answers
B.
duration
B.
duration
Answers
C.
eventcount
C.
eventcount
Answers
Suggested answer: A

Question 116

Report
Export
Collapse

How many ways are there to access the Field Extractor Utility?

A.
3
A.
3
Answers
B.
4
B.
4
Answers
C.
1
C.
1
Answers
D.
5
D.
5
Answers
Suggested answer: A

Question 117

Report
Export
Collapse

When extracting fields, we may choose to use our own regular expressions

A.
True
A.
True
Answers
B.
False
B.
False
Answers
Suggested answer: A

Question 118

Report
Export
Collapse

Field aliases are used to __________ data

A.
clean
A.
clean
Answers
B.
transform
B.
transform
Answers
C.
calculate
C.
calculate
Answers
D.
normalize
D.
normalize
Answers
Suggested answer: D

Question 119

Report
Export
Collapse

Complete the search, .... | _____ failure>successes

A.
Search
A.
Search
Answers
B.
Where
B.
Where
Answers
C.
If
C.
If
Answers
D.
Any of the above
D.
Any of the above
Answers
Suggested answer: B

Explanation:

The where command can be used to complete the search below.

... | where failure>successes

The where command is a search command that allows you to filter events based on complex or custom criteri

a. The where command can use any boolean expression or function to evaluate each event and determine whether to keep it or discard it. The where command can also compare fields or perform calculations on fields using operators such as >, <, =, +, -, etc. The where command can be used after any transforming command that creates a table or a chart.

The search string below does the following:

It uses ... to represent any search criteria or commands before the where command.

It uses the where command to filter events based on a comparison between two fields: failure and successes.

It uses the greater than operator (>) to compare the values of failure and successes fields for each event.

It only keeps events where failure is greater than successes.

Question 120

Report
Export
Collapse

These kinds of charts represent a series in a single bar with multiple sections

A.
Multi-Series
A.
Multi-Series
Answers
B.
Split-Series
B.
Split-Series
Answers
C.
Omit nulls
C.
Omit nulls
Answers
D.
Stacked
D.
Stacked
Answers
Suggested answer: D

Explanation:

Stacked charts represent a series in a single bar with multiple sections. A chart is a graphical representation of data that shows trends, patterns, or comparisons. A chart can have different types, such as column, bar, line, area, pie, etc. A chart can also have different modes, such as split-series, multi-series, stacked, etc. A stacked chart is a type of chart that shows multiple series in a single bar or area with different sections for each series

Total 291 questions
Go to page: of 30
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms