ExamGecko
Search Search Login
Home Home / Splunk / SPLK-1002

Splunk SPLK-1002 Practice Test - Questions Answers, Page 15

Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which tool uses data models to generate reports and dashboard panels without using SPL?
Which syntax is used to represent an argument in a macro definition?
Which are valid ways to create an event type? (select all that apply)
What are the two parts of a root event dataset?
A Splunk app is configured to extract domain names in web service logs and specify them as a field named domain. What workflow action would return an external IP lookup for the field named domain?
If there are fields in the data with values that are ' ' or empty but not null, which of the following would add a value?
The fields sidebar does not show________. (Select all that apply.)
Which delimiters can the Field Extractor (FX) detect? (select all that apply)
What is required for a macro to accept three arguments?
When using timechart, how many fields can be listed after a by clause?

Question 141

Report
Export
Collapse

A data model can consist of what three types of datasets?

A.
Pivot, searches, and events.
A.
Pivot, searches, and events.
Answers
B.
Pivot, events, and transactions.
B.
Pivot, events, and transactions.
Answers
C.
Searches, transactions, and pivot.
C.
Searches, transactions, and pivot.
Answers
D.
Events, searches, and transactions.
D.
Events, searches, and transactions.
Answers
Suggested answer: D

Question 142

Report
Export
Collapse

When is a GET workflow action needed?

A.
To send field values to an external resource.
A.
To send field values to an external resource.
Answers
B.
To retrieve information from an external resource.
B.
To retrieve information from an external resource.
Answers
C.
To use field values to perform a secondary search.
C.
To use field values to perform a secondary search.
Answers
D.
To define how events flow from forwarders to indexes.
D.
To define how events flow from forwarders to indexes.
Answers
Suggested answer: B

Question 143

Report
Export
Collapse

Which command can include both an over and a by clause to divide results into sub-groupings?

A.
chart
A.
chart
Answers
B.
stats
B.
stats
Answers
C.
xyseries
C.
xyseries
Answers
D.
transaction
D.
transaction
Answers
Suggested answer: A

Question 144

Report
Export
Collapse

A user wants to create a new field alias for a field that appears in two sourcetypes.

How many field aliases need to be created?

A.
One.
A.
One.
Answers
B.
Two.
B.
Two.
Answers
C.
It depends on whether the original fields have the same name.
C.
It depends on whether the original fields have the same name.
Answers
D.
It depends on whether the two sourcetypes are associated with the same index.
D.
It depends on whether the two sourcetypes are associated with the same index.
Answers
Suggested answer: B

Question 145

Report
Export
Collapse

In the following eval statement, what is the value of description if the status is 503? index=main | eval description=case(status==200, 'OK', status==404, 'Not found', status==500, 'Internal Server Error')

A.
The description field would contain no value.
A.
The description field would contain no value.
Answers
B.
The description field would contain the value 0.
B.
The description field would contain the value 0.
Answers
C.
The description field would contain the value 'Internal Server Error'.
C.
The description field would contain the value 'Internal Server Error'.
Answers
D.
This statement would produce an error in Splunk because it is incomplete.
D.
This statement would produce an error in Splunk because it is incomplete.
Answers
Suggested answer: A

Explanation:

https://docs.splunk.com/Documentation/Splunk/8.1.1/SearchReference/ConditionalFunctions

Question 146

Report
Export
Collapse

In which Settings section are macros defined?

A.
Fields
A.
Fields
Answers
B.
Tokens
B.
Tokens
Answers
C.
Advanced Search
C.
Advanced Search
Answers
D.
Searches, Reports, Alerts
D.
Searches, Reports, Alerts
Answers
Suggested answer: C

Question 147

Report
Export
Collapse

Which of the following statements describes calculated fields?

A.
Calculated fields are only used on fields added by lookups.
A.
Calculated fields are only used on fields added by lookups.
Answers
B.
Calculated fields are a shortcut for repetitive and complex eval commands.
B.
Calculated fields are a shortcut for repetitive and complex eval commands.
Answers
C.
Calculated fields are a shortcut for repetitive and complex calc commands.
C.
Calculated fields are a shortcut for repetitive and complex calc commands.
Answers
D.
Calculated fields automatically calculate the simple moving average for indexed fields.
D.
Calculated fields automatically calculate the simple moving average for indexed fields.
Answers
Suggested answer: B

Question 148

Report
Export
Collapse

Which of the following is one of the pre-configured data models included in the Splunk Common Information Model (CIM) add-on?

A.
Access
A.
Access
Answers
B.
Accounting
B.
Accounting
Answers
C.
Authorization
C.
Authorization
Answers
D.
Authentication
D.
Authentication
Answers
Suggested answer: D

Question 149

Report
Export
Collapse

What happens when a user edits the regular expression (regex) field extraction generated in the Field Extractor (FX)?

A.
There is a limit to the number of fields that can be extracted.
A.
There is a limit to the number of fields that can be extracted.
Answers
B.
The user is unable to preview the extractions.
B.
The user is unable to preview the extractions.
Answers
C.
The extraction is added at index time.
C.
The extraction is added at index time.
Answers
D.
The user is unable to return to the automatic field extraction workflow.
D.
The user is unable to return to the automatic field extraction workflow.
Answers
Suggested answer: A

Question 150

Report
Export
Collapse

Consider the following search:

Index=web sourcetype=access_combined

The log shows several events that share the same JSESSIONID value (SD404K289O2F151). View the events as a group. From the following list, which search groups events by JSESSIONID?

A.
index=web sourcetype=access_combined SD404K289O2F151 I table JSESSIONID
A.
index=web sourcetype=access_combined SD404K289O2F151 I table JSESSIONID
Answers
B.
index=web sourcetype=access_combined JSESSIONID <SD404K289O2F151>
B.
index=web sourcetype=access_combined JSESSIONID <SD404K289O2F151>
Answers
C.
index=web sourcetype=access_combined I highlight JSESSIONID I search SD404K289O2F151
C.
index=web sourcetype=access_combined I highlight JSESSIONID I search SD404K289O2F151
Answers
D.
index-web sourcetype=access_combined I transaction JSESSIONID I search SD404K289O2F151
D.
index-web sourcetype=access_combined I transaction JSESSIONID I search SD404K289O2F151
Answers
Suggested answer: B
Total 291 questions
Go to page: of 30
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms