SPLK-1002 Exam - Splunk Core Certified Power User Exam

NEW QUESTION 1

Which of the following statements describes field aliases?

• A. Field alias names replace the original field name.
• B. Field aliases can be used in lookup file definitions.
• C. Field aliases only normalize data across sources and sourcetypes.
• D. Field alias names are not case sensitive when used as part of a search.

Answer: A

NEW QUESTION 2

A user wants to convert field values to string and also to sort on those value. Which command should be used first, the eval or the sort?

• A. It doesn't matter whether eval or sort is used first.
• B. Convert the numeric to a string with eval first, then sort.
• C. Use sort first, then convert the numeric to a string with eval.
• D. You cannot use the sort command and the eval command on the same field.

Answer: B

NEW QUESTION 3

Calculated fields can be based on which of the following?

• A. Tags
• B. Extracted fields
• C. Output fields for a lookup
• D. Fields generated from a search string

Answer: B

NEW QUESTION 4

Which of the following statements describes Search workflow actions?

• A. By defaul
• B. Search workflow actions will run as a real-time search.
• C. Search workflow actions can be configured as scheduled searches,
• D. The user can define the time range of the search when created the workflow action.
• E. Search workflow actions cannot be configured with a search string that includes the transaction command

Answer: C

NEW QUESTION 5

A field alias has been created based on an original field. A search without any transforming commands is then executed in Smart Mode. Which field name appears in the results?

• A. Both will appear in the All Fields list, but only if the alias is specified in the search.
• B. Both will appear in the Interesting Fields list, but only if they appear in at least 20 percent of events.
• C. The original field only appears in All Fields list and the alias only appears in the Interesting Fields list.
• D. The alias only appears in the All Fields list and the original field only appears in the Interesting Fields list.

Answer: B

NEW QUESTION 6

Data model are composed of one or more of which of the fo-owing datasets? (select all that apply.)

• A. Events datasets
• B. Search datasets
• C. Transaction datasets
• D. Any child of event, transaction, and search datasets

Answer: ABC

NEW QUESTION 7

Which of the following statements describes the command below (select all that apply) sourcetype-access_combined | transaction JSESSIONID

• A. An additional filed named maxspan is created.
• B. An additional Held named duration is created.
• C. An additional field named eventcount is created.
• D. Events with the same JSESSIONID will be grouped together into a single event.

Answer: BCD

NEW QUESTION 8

Which one of the following statements about the search command is true?

• A. It does not allow the use of wildcards.
• B. It treats field values in a case-sensitive manner.
• C. It can only be used at the beginning of the search pipeline.
• D. It behaves exactly like search strings before the first pipe.

Answer: C

NEW QUESTION 9

The transaction command allows you to ______ events across multiple sources

• A. duplicate
• B. correlate
• C. persist
• D. tag

Answer: B

NEW QUESTION 10

When should you use the transaction command instead of the scats command?

• A. When you need to group on multiple values.
• B. When duration is irrelevant in search result
• C. .
• D. When you have over 1000 events in a transaction.
• E. When you need to group based on start and end constraints.

Answer: C

NEW QUESTION 11

Which of the following statements describes this search? sourcetype=access_combined I transaction JSESSIONID | timechart avg (duration)

• A. This is a valid search and will display a timechart of the average duration, of each transaction event.
• B. This is a valid search and will display a stats table showing the maximum pause among transactions.
• C. No results will be returned because the transaction command must include the startswith and endswith options.
• D. No results will be returned because the transaction command must be the last command used in the search pipeline.

Answer: A

NEW QUESTION 12

Which of the following data model are included In the Splunk Common Information Model (CIM) add-on? (select all that apply)

• A. Alerts
• B. Email
• C. Database
• D. User permissions

Answer: ABC

NEW QUESTION 13

Which of the following knowledge objects represents the output of an oval expression?

• A. Eval fields
• B. Calculated fields
• C. Field extractions
• D. Calculated lookups

Answer: C

NEW QUESTION 14

The Field Extractor (FX) is used to extract a custom field. A report can be created using this custom field. The created report can then be shared with other people in the organization. If another person in the organization runs the shared report and no results are returned, why might this be? (select all that apply)

• A. Fast mode is enabled.
• B. The dashboard is private.
• C. The extraction is private
• D. The person in the organization running the report does not have access to the index.

Answer: BD

NEW QUESTION 15

Which of the following workflow actions can be executed from search results? (select all that apply)

• A. GET
• B. POST
• C. LOOKUP
• D. Search

Answer: ABD

NEW QUESTION 16

When using timechart, how many fields can be listed after a by clause? ( Choose Two )

• A. because timechart doesn't support using a by clause.
• B. because _time is already implied as the x-axis.
• C. because one field would represent the x-axis and the other would represent the y-axis.
• D. There is no limit specific to timechart.

Answer: BD

NEW QUESTION 17

These allow you to categorize events based on search terms. Select your answer.

• A. Groups
• B. Event Types
• C. Macros
• D. Tags

Answer: B

NEW QUESTION 18

Which of the following is the correct way to use the data model command to search field in the data model within the web dataset?

• A. | datamodel web search | filed web *
• B. | Search datamodel web web | filed web*
• C. | datamodel web web field | search web*
• D. Datamodel=web | search web | filed web*

Answer: A

NEW QUESTION 19

Which of the following can be used with the eval command tostring function (select all that apply)

• A. ‘’hex’’
• B. ‘’commas’’
• C. ‘’Decimal’’
• D. ‘’duration’’

Answer: ABD

NEW QUESTION 20

Which of the following statements describe calculated fields? (select all that apply)

• A. Calculated fields can be used in the search bar.
• B. Calculated fields can be based on an extracted field.
• C. Calculated fields can only be applied to host and sourcetype.
• D. Calculated fields are shortcuts for performing calculations using the eval command.

Answer: BD

NEW QUESTION 21

When multiple event types with different color values are assigned to the same event, what determines the color displayed for the events?

• A. Rank
• B. Weight
• C. Priority
• D. Precedence

Answer: C

NEW QUESTION 22

Which of the following statements describes POST workflow actions?

• A. POST workflow actions are always encrypted.
• B. POST workflow actions cannot use field values in their URI.
• C. POST workflow actions cannot be created on custom sourcetypes.
• D. POST workflow actions can open a web page in either the same window or a new .

Answer: D

NEW QUESTION 23
......