SPLK-1002 Practice Questions
300 real SPLK-1002 exam questions with expert-verified answers and explanations. Page 1 of 6.
- Question #1: Creating and Managing Fields
  When performing a regular expression (regex) field extraction using the Field Extractor (FX), what happens when the require option is used?
  Field Extraction, Regex, Field Extractor (FX), Require Option
- Question #2: Data Models
  Which group of users would most likely use pivots?
  Pivots, User roles, Data models, Reporting
- Question #3: Using Transforming Commands for Visualizations
  When using timechart, how many fields can be listed after a by clause?
  timechart command, by clause, _time field, transforming commands
- Question #4: Creating Tags and Event Types
  What is the correct syntax to search for a tag associated with a value on a specific field?
  Splunk Tagging, Search Syntax, Field Tagging, Searching Tags
- Question #5: Using the Common Information Model Add-On
  What functionality does the Splunk Common Information Model (CIM) rely on to normalize fields with different names?
  CIM, Field normalization, Field aliases, Data standardization
- Question #6: Correlating Events
  When should you use the transaction command instead of the stats command?
  transaction command, stats command, event grouping, event correlation
- Question #7: Creating Field Aliases and Calculated Fields
  Which of the following statements describes field aliases?
  Field aliases, Data normalization, Lookups, Field management
- Question #8: Filtering and Grouping Results
  What does the following search do? index=corndog type=mysterymeat action=eaten | stats count as corndog_count by user
  stats command, filtering events, grouping results, aggregation
- Question #9: Creating and Using Workflow Actions
  Which of the following statements describes Search workflow actions?
  Workflow Actions, Search Configuration, Time Range, Splunk Search
- Question #10: Correlating Events
  What do events in a transaction have in common?
  Transactions, Event correlation, Splunk commands, Field relationships
- Question #11: Creating and Using Workflow Actions
  Which of the following statements describe GET workflow actions?
  Workflow actions, GET workflow actions, Configuration, Link behavior
- Question #12: Data Models
  Data models are composed of one or more of which of the following datasets? (Select all that apply.)
  Data Models, Data Model Components, Event Datasets, Search Datasets
- Question #13: Creating and Managing Fields
  In what order are the following knowledge objects/configurations applied?
  Field Extractions, Field Aliases, Lookups, Knowledge Object Processing
- Question #14: Creating Field Aliases and Calculated Fields
  Which of the following knowledge objects represents the output of an eval expression?
  calculated fields, eval expression, knowledge objects, field creation
- Question #15: Creating Field Aliases and Calculated Fields
  A calculated field may be based on which of the following?
  Calculated Fields, Field Extraction, Data Manipulation
- Question #16: Creating and Managing Fields
  Which of the following eval command functions is valid?
  eval command, eval functions, data type conversion, tostring
- Question #17: Filtering and Grouping Results
  Which one of the following statements about the search command is true?
  search command, SPL basics, search pipeline, filtering
- Question #18: Using the Common Information Model Add-On
  What does the Splunk Common Information Model (CIM) add-on include? (Select all that apply.)
  Splunk CIM, Data Models, Fields, Event Tags
- Question #19: Creating and Managing Fields
  Which of the following file formats can be extracted using a delimiter field extraction?
  Field Extraction, Delimiter, CSV, Data Formats
- Question #20: Creating and Using Macros
  Which of the following statements describes macros?
  Splunk macros, Macro definition, Reusable search, Time range flexibility
- Question #21: Creating Field Aliases and Calculated Fields
  Which of the following statements describe calculated fields? (Select all that apply.)
  Calculated fields, Field creation, Eval command, Search time fields
- Question #22: Creating and Managing Fields
  Which delimiters can the Field Extractor (FX) detect? (Select all that apply.)
  Field Extractor, Delimiters, Field Creation, Automatic Fields
- Question #23: Basic Transforming Commands
  Which of the following statements is true, especially in large environments?
  stats command, transaction command, performance, transforming commands
- Question #24: Creating and Using Workflow Actions
  Which of the following are required to create a POST workflow action?
  Workflow actions, POST action, Configuration, Splunk
- Question #25: Correlating Events
  Which of the following statements describe the search below? (Select all that apply.) index=main | transaction clientip host maxspan=30s maxpause=5s
  transaction command, event correlation, maxspan, maxpause
- Question #26: Creating and Using Macros
  Given the macro definition below, what should be entered into the Name and Arguments fields to correctly configure the macro?
  Splunk macros, Macro configuration, Macro arguments, Macro syntax
- Question #27: Creating and Managing Fields
  After manually editing a regular expression (regex), which of the following statements is true?
  Field Extraction, Regex, Field Extractor UI, Field Management
- Question #28: Filtering and Formatting Results
  What does the fillnull command replace null values with, if the value argument is not specified?
  fillnull command, null value handling, data formatting, default arguments
- Question #29: Correlating Events
  To identify all of the contributing events within a transaction that contains at least one REJECT event, which syntax is correct?
  transaction command, event correlation, filtering, SPL
- Question #30: Creating and Managing Fields
  Which of the following actions can the eval command perform?
  eval command, field creation, field manipulation, SPL
- Question #31: Using the Common Information Model Add-On
  Which of the following statements describe the Common Information Model (CIM)? (Select all that apply.)
  Common Information Model, Data Normalization, Data Correlation, Knowledge Objects
- Question #32: Creating Data Models
  Data model fields can be added using the Auto-Extracted method. Which of the following statements describe Auto-Extracted fields? (Select all that apply.)
  Data Models, Auto-Extracted Fields, Field Configuration, Pivot
- Question #33: Creating and Using Workflow Actions
  When creating a Search workflow action, which field is required?
  workflow actions, search workflow, required fields, Splunk configuration
- Question #34: Filtering and Formatting Results
  Selected fields are displayed ______ each event in the search results.
  Splunk UI, Search results, Event display, Field presentation
- Question #35: Filtering and Grouping Results
  A space is an implied _____ in a search string.
  Splunk Search Syntax, Boolean Operators, AND operator, Search Fundamentals
- Question #36: Working with Time
  Which of the following search controls will not re-run the search? (Select all that apply.)
  Splunk UI, Search Controls, Timeline Interaction, Search Execution
- Question #37: Filtering and Formatting Results
  Highlighted search terms indicate _________ search results in Splunk.
  Search results, Term highlighting, Basic search, Event matching
- Question #38: Filtering and Grouping Results
  When you mouse over and click to add a search term, this (these) Boolean operator(s) is (are) not implied. (Select all that apply.)
  Splunk Search, Boolean Logic, Search UI, Filtering
- Question #39: Working with Time
  The time range specified for a historical search defines the ____________. (questionable on answer)
  time range, historical search, data fetching, search fundamentals
- Question #40: Filtering and Formatting Results
  Using the export function, you can export search results as __________. (Select all that apply.)
  Export search results, XML format, JSON format, Splunk Web UI
- Question #41: Creating and Managing Fields
  The fields sidebar does not show ________. (Select all that apply.)
  Splunk UI, Search interface, Fields sidebar, Extracted fields
- Question #42: Creating and Using Reports and Alerts
  Splunk alerts can be based on searches that run ______. (Select all that apply.)
  Splunk alerts, Alert scheduling, Real-time alerts, Scheduled alerts
- Question #43: Creating and Using Reports and Alerts
  Which of the following about reports is/are true?
  Reports, Knowledge Objects, Scheduling Reports, Report Actions
- Question #44: Filtering and Grouping Results
  Select this in the fields sidebar to automatically pipe your search results to the rare command.
  rare command, Splunk UI, fields sidebar, data exploration
- Question #45: Creating and Using Reports and Alerts
  A report scheduled to run every 15 mins. but takes 17 mins. to complete is in danger of being _____.
  Report scheduling, Scheduled reports behavior, Report execution, Scheduler conflicts
- Question #46: Creating and Using Reports and Alerts
  Which of the following are valid options to speed up reports? (Select all that apply.)
  Report acceleration, Report performance, Splunk reports, Performance optimization
- Question #47: Filtering and Formatting Results
  Which of the following statements are true for this search? (Select all that apply.) SEARCH: sourcetype=access* | fields action productId status
  fields command, field selection, Splunk search syntax, result manipulation
- Question #48: Basic Transforming Commands
  Use the dedup command to _____.
  dedup command, SPL, duplicate events, filtering
- Question #49: Creating and Managing Fields
  We can use the rename command to _____. (Select all that apply.)
  rename command, field renaming, search commands, search time operations
- Question #50: Basic Transforming Commands
  The limit attribute will ___________.
  limit attribute, Transforming Commands, Default values