SPLK-1002 Practice Questions

This function of the stats command allows you to identify the number of values a field has.

This function of the stats command allows you to return the sample standard deviation of a field.

Which of the following commands will show the maximum bytes?

Which of the following searches will show the number of categoryld used by each host?

This clause is used to group the output of a stats command by a specific name.

This function of the stats command allows you to return the middle-most value of field X.

When a search returns __________, you can view the results as a list.

Clicking a SEGMENT on a chart, ________.

Use this command to use lookup fields in a search and see the lookup fields in the field sidebar.

It is mandatory for the lookup file to have this for an automatic lookup to work.

These users can create global knowledge objects. (Select all that apply.)

This is what Splunk uses to categorize the data that is being indexed.

This is what Splunk uses to categorize the data that is being indexed.

By default search results are not returned in ________ order.

The stats command will create a _____________ by default.

Which is not a comparison operator in Splunk

Which of the following is NOT a stats function:

If a search returns ____________ it can be viewed as a chart.

In this search, __________ will appear on the y-axis. SEARCH: sourcetype=access_combined status!=200 | chart count over host

The timechart command buckets data in time intervals depending on:

Which of these search strings is NOT valid:

Which command is used to create choropleth maps?

which of the following are valid options with the chart command

The gauge command:

What will you learn from the results of the following search? sourcetype=cisco_esa | transaction mid, dcid, icid | timechart avg(duration)

Which of these is NOT a field that is automatically created with the transaction command?

How many ways are there to access the Field Extractor Utility?

When extracting fields, we may choose to use our own regular expressions

Field aliases are used to __________ data

What is the correct way to name a macro with two arguments?

When using a field value variable with a Workflow Action, which punctuation mark will escape the data

__________ datasets can be added to root dataset to narrow down the search

Which function should you use with the transaction command to set the maximum total time between the earliest and latest events returned?

The eval command 'if' function requires the following three arguments (in order):

Which search would limit an "alert" tag to the "host" field?

The transaction command allows you to __________ events across multiple sources

which of the following commands are used when creating visualizations(select all that apply.)

For choropleth maps,splunk ships with the following KMZ files (select all that apply)

Complete the search, .... | _____ failure>successes

These kinds of charts represent a series in a single bar with multiple sections

These allow you to categorize events based on search terms.

In the Field Extractor Utility, this button will display events that do not contain extracted fields.

During the validation step of the Field Extractor workflow:

Which of the following search modes automatically returns all extracted fields in the fields sidebar?

Where are the results of eval commands stored?

What other syntax will produce exactly the same results as | chart count over vendor_action by user?

Which of the following statements would help a user choose between the transaction and stats commands?

When can a pipe follow a macro?

Which of the following statements describes the use of the Filed Extractor (FX)?

Which of the following searches would return a report of sales by product-name?