SPLK-1002 Practice Questions
300 real SPLK-1002 exam questions with expert-verified answers and explanations. Page 3 of 6.
- Question #101 (Data Models)
  A data model consists of which three types of datasets?
  Tags: data models, datasets, event datasets, search datasets
- Question #102 (Creating and Using Workflow Actions)
  Which workflow action uses field values to perform a secondary search?
  Tags: Workflow Actions, Secondary Search, Field Values, Search Workflow
- Question #103 (Correlating Events)
  When using the transaction command, what does the argument maxspan do?
  Tags: transaction command, maxspan argument, event correlation, SPL
- Question #104 (Filtering and Grouping Results)
  In most large Splunk environments, what is the most efficient command that can be used to group events by fields?
  Tags: stats command, event grouping, data aggregation, SPL efficiency
- Question #105 (Using the Common Information Model Add-On)
  Which knowledge object does the Splunk Common Information Model (CIM) use to normalize data?
  Tags: Splunk CIM, Knowledge Objects, Data Normalization, Macros
- Question #106 (Using Transforming Commands for Visualizations)
  Which of the following searches would create a graph similar to the one below?
  Tags: transaction command, transforming commands, visualization, event correlation
- Question #107 (Creating and Using Workflow Actions)
  Information needed to create a GET workflow action includes which of the following? (select all that apply.)
  Tags: Workflow Actions, GET action parameters, Splunk UI elements
- Question #108 (Using the Common Information Model Add-On)
  By default, how is acceleration configured in the Splunk Common Information Model (CIM) add-on?
  Tags: CIM add-on, Data Model Acceleration, Default Settings, Data Source Configuration
- Question #109 (Creating Tags and Event Types)
  Which of the following statements about tags is true? (select all that apply.)
  Tags: Splunk Tags, Data Organization, Event Categorization, Field-Value Pairs
- Question #110 (Creating and Managing Fields)
  There are several ways to access the field extractor. Which option automatically identifies data type, source type, and sample event?
  Tags: Field Extraction, Splunk Web UI, Field Creation, Source Type Identification
- Question #111 (Creating and Using Reports and Alerts)
  Which statement is true?
  Tags: Pivot, Reports, Dashboards, Data Models
- Question #112 (Correlating Events)
  When should transaction be used?
  Tags: transaction command, event correlation, event grouping, start/end events
- Question #113 (Using Transforming Commands for Visualizations)
  When using | timechart by host, which field is represented on the x-axis?
  Tags: timechart command, x-axis, transforming commands, chart visualization
- Question #114 (Creating and Using Workflow Actions)
  Which of the following statements describes POST workflow actions?
  Tags: Workflow Actions, POST Actions, HTTP POST, Splunk Configuration
- Question #115 (Creating and Using Workflow Actions)
  What is a limitation of searches generated by workflow actions?
  Tags: workflow actions, permissions, search limitations, user context
- Question #116 (Creating and Using Workflow Actions)
  Which workflow action method can be used when the action type is set to link?
  Tags: Workflow actions, Link action type, HTTP methods, GET method
- Question #117 (Using Transforming Commands for Visualizations)
  When using | timechart by host, which field is represented on the x-axis?
  Tags: timechart command, _time field, x-axis, Splunk visualizations
- Question #118 (Using Transforming Commands for Visualizations)
  Which of the following commands support the same set of functions?
  Tags: Transforming Commands, Data Aggregation, Stats Command, Chart Command
- Question #119 (Creating and Managing Fields)
  The eval command allows you to do which of the following? (Choose all that apply.)
  Tags: eval command, field manipulation, data transformation, calculations
- Question #120 (Filtering and Grouping Results)
  When using the timechart command, how can a user group the events into buckets based on time?
  Tags: timechart command, span argument, time bucketing, grouping results
- Question #121 (Using Transforming Commands for Visualizations)
  Which type of visualization shows relationships between discrete values in three dimensions?
  Tags: Visualization types, Bubble chart, Three dimensions, Data relationships
- Question #122 (Using the Common Information Model Add-On)
  Which of the following is a function of the Splunk Common Information Model (CIM)?
  Tags: Splunk CIM, Common Information Model, Data Normalization, Data Standardization
- Question #123 (Data Models)
  What information must be included when using the datamodel command?
  Tags: datamodel command, data model usage, Splunk syntax, dataset name
- Question #124 (Data Models)
  A data model can consist of what three types of datasets?
  Tags: Data Models, Event datasets, Search datasets, Transaction datasets
- Question #125 (Creating and Using Workflow Actions)
  When is a GET workflow action needed?
  Tags: Workflow actions, GET requests, External resources, Data retrieval
- Question #126 (Using Transforming Commands for Visualizations)
  Which command can include both an over and a by clause to divide results into sub-groupings?
  Tags: chart command, transforming commands, over clause, grouping results
- Question #127 (Creating Field Aliases and Calculated Fields)
  A user wants to create a new field alias for a field that appears in two sourcetypes. How many field aliases need to be created?
  Tags: Field Aliases, Sourcetypes, Field Management, Data Normalization
- Question #128 (Creating Field Aliases and Calculated Fields)
  In the following eval statement, what is the value of description if the status is 503? index=main | eval description=case(status==200, "OK", status==404, "Not found", status==500,...
  Tags: eval command, case function, conditional logic, calculated fields
- Question #129 (Creating and Using Macros)
  In which Settings section are macros defined?
  Tags: macros, Splunk settings, search macros, Splunk UI
- Question #130 (Creating Field Aliases and Calculated Fields)
  Which of the following statements describes calculated fields?
  Tags: Calculated Fields, eval command, Field Creation
- Question #131 (Using the Common Information Model Add-On)
  Which of the following is one of the pre-configured data models included in the Splunk Common Information Model (CIM) add-on?
  Tags: Splunk CIM, Data Models, CIM Data Models, Authentication Data Model
- Question #132 (Creating and Managing Fields)
  What happens when a user edits the regular expression (regex) field extraction generated in the Field Extractor (FX)?
  Tags: Field Extraction, Regex, Field Extractor, Splunk Limitations
- Question #133 (Filtering and Grouping Results)
  Consider the following search: index=web sourcetype=access_combined The log shows several events that share the same JSESSIONID value (SD404K289O2F151). View the events as a group....
  Tags: Filtering Events, Splunk Search Language, Field-Value Search, Basic Search
- Question #134 (Data Models)
  Data models are composed of one or more of which of the following datasets? (select all that apply)
  Tags: Data Models, Data Model Components, Event Datasets, Transaction Datasets
- Question #135 (Creating Tags and Event Types)
  Which of the following searches will return events containing a tag named Privileged?
  Tags: SPL syntax, Tag search, Wildcards, Case sensitivity
- Question #136 (Basic Transforming Commands)
  What does the fillnull command replace null values with, if the value argument is not specified?
  Tags: fillnull command, null values, default argument, data transformation
- Question #137 (Creating and Using Workflow Actions)
  How is a Search Workflow Action configured to run over the same time range as the original search?
  Tags: Workflow Actions, Time range, Configuration, Search context
- Question #138 (Using the Common Information Model Add-On)
  What is the Splunk Common Information Model (CIM)?
  Tags: Common Information Model, CIM, Data normalization, Source types
- Question #139 (Data Models)
  Which statement is true?
  Tags: Pivot, Data Models, Reports, Dashboards
- Question #140 (Creating and Using Macros)
  What is the correct format for naming a macro with multiple arguments?
  Tags: Splunk macros, Macro arguments, SPL syntax
- Question #141 (Creating and Using Macros)
  Which of the following searches show a valid use of a macro? (Choose all that apply.)
  Tags: Splunk macros, Macro syntax, Eval command, Search commands
- Question #142 (Creating and Managing Fields)
  Which of the following statements describes the use of the Field Extractor (FX)?
  Tags: Field Extractor, Field Extraction, Knowledge Objects, Persistence
- Question #143 (Creating and Managing Fields)
  Which of the following eval command functions is valid?
  Tags: eval command, functions, type conversion, tostring
- Question #144 (Creating Field Aliases and Calculated Fields)
  Calculated fields can be based on which of the following?
  Tags: Calculated Fields, Field Extraction, Eval Functions, Field Creation
- Question #145 (Creating and Managing Fields)
  Which method in the Field Extractor would extract the port number from the following event? | 10/20/2022 - 125.24.20.1 ++++ port 54 - user: admin <web error>
  Tags: Field Extraction, rex command, Regular Expressions, SPL
- Question #146 (Creating and Using Macros)
  The macro weekly_sales(2) contains the search string: index=games | eval ProductSales = $Price$ * $AmountSold$ Which of the following will return results?
  Tags: Splunk Macros, Macro Arguments, Macro Syntax, Eval Command
- Question #147 (Filtering and Grouping Results)
  Which search string would only return results for an event type called successful_purchases?
  Tags: Event types, Splunk Search Language (SPL), Filtering results, Basic search
- Question #148 (Creating and Using Macros)
  The macro weekly_sales(2) contains the search string: index=games | eval ProductSales = $Price$ * $AmountSold$ Which of the following will return results?
  Tags: Splunk macros, Macro arguments, Macro invocation, SPL syntax
- Question #149 (Creating Data Models)
  When creating a data model, which root dataset requires at least one constraint?
  Tags: Data Models, Root Datasets, Constraints, Event Datasets
- Question #150 (Creating Tags and Event Types)
  Which of the following statements describes an event type?
  Tags: Event types, Knowledge objects, Categorization, Search string
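Questions #103, #104, #112 and #133 all turn on grouping related events into sessions. The two searches below are an added illustration written for this page, not one of the question bank's answers, and they assume a web index named web whose access_combined events carry a JSESSIONID field (an assumption; substitute your own index and field names). The first builds sessions with transaction, where maxspan caps the total span of a session and maxpause caps the gap between consecutive events; the second gets the equivalent per-session summary with stats, which is the more efficient command in a large environment because it can be computed on the indexers and merged, while transaction has to bring the raw events together to assemble each group.

```spl
index=web sourcetype=access_combined
| transaction JSESSIONID maxspan=30m maxpause=5m
| where eventcount > 20
| table _time JSESSIONID clientip duration eventcount

index=web sourcetype=access_combined
| stats earliest(_time) AS first_seen, latest(_time) AS last_seen, count AS eventcount, dc(clientip) AS src_count BY JSESSIONID
| eval duration = last_seen - first_seen
| where (eventcount > 20 AND duration <= 1800) OR src_count > 1
| convert ctime(first_seen) ctime(last_seen)
```

The stats version approximates maxspan with the duration filter but has no equivalent of maxpause, so a session with a long idle gap in the middle is still one row; if that gap matters, transaction is the right tool. The src_count > 1 condition flags a session ID seen from more than one client address, which is worth a look in a security context, and it is only possible in the stats form because transaction folds the addresses into one multivalue field.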
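Questions #113, #117, #120, #126 and #136 concern timechart, chart and fillnull. As an added example, not taken from the question bank, and against the same assumed web index and access_combined sourcetype:

```spl
index=web sourcetype=access_combined
| timechart span=15m avg(bytes) AS avg_bytes BY host
| fillnull value=0

index=web sourcetype=access_combined status>=400
| chart count OVER status BY host
| fillnull
```

timechart always puts _time on the x-axis; span=15m sets the bucket width, and BY host turns each host into a series. chart has no implicit time axis: OVER status makes status the row field and BY host splits each row into one column per host. fillnull with no value argument substitutes 0, which is the same value the first search asks for explicitly; it matters for avg(bytes), which is null in a bucket with no events, whereas count already reports 0 for empty buckets.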
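Questions #119, #128 and #143 exercise eval. The search below is an added example for this page, not the expression from #128 (which is truncated above) and not one of the question bank's answers; it assumes an index named main with access_combined events that carry status and bytes fields.

```spl
index=main sourcetype=access_combined
| eval description = case(status==200, "OK", status==404, "Not found", status==500, "Server error", true(), "Unhandled status ".tostring(status))
| eval severity = if(status>=500, "high", if(status>=400, "medium", "low"))
| eval kb = round(bytes/1024, 1)
| stats count AS requests, sum(kb) AS total_kb BY status, description, severity
| sort -requests
```

case() returns null when none of its conditions match, so a status such as 503 that has no branch of its own would get no description at all; the trailing true() branch is the usual way to guarantee a value. tostring() is needed in that branch because status is numeric and the period operator concatenates strings. The same eval expressions can be saved as calculated fields so that description and severity exist at search time without repeating the logic.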