SPLK-1002 Practice Questions
300 real SPLK-1002 exam questions with expert-verified answers and explanations. Page 4 of 6.
- Question #151 (Creating Field Aliases and Calculated Fields)
  What type of command is eval?
  Tags: eval command, command types, streaming commands, distributable streaming
- Question #152 (Creating and Using Reports and Alerts)
  Which of the following is a feature of the Pivot tool?
  Tags: Pivot tool, Reports, Data Models, No SPL
- Question #153 (Using Transforming Commands for Visualizations)
  When used with the timechart command, which value of the limit argument returns all values?
  Tags: timechart command, SPL, transforming commands, limit argument
- Question #154 (Creating and Managing Fields)
  Which field extraction method should be selected for comma-separated data?
  Tags: Field extraction, Delimited data, CSV, Field creation
- Question #155 (Using the Common Information Model Add-On)
  What approach is recommended when using the Splunk Common Information Model (CIM) add-on to normalize data?
  Tags: Splunk CIM, Data Normalization, Data Models
- Question #156 (Using the Common Information Model Add-On)
  Which of the following is included with the Common Information Model (CIM) add-on?
  Tags: Common Information Model, CIM add-on, Event categorization, Tags
- Question #157 (Using Transforming Commands for Visualizations)
  For the following search, which field populates the x-axis? index=security sourcetype=linux_secure | timechart count by action
  Tags: timechart, x-axis, _time, visualizations
- Question #158 (Creating and Managing Fields)
  In the Field Extractor, when would the regular expression method be used?
  Tags: Field Extractor, Regular expressions, Field extraction, Unstructured data
- Question #159 (Filtering and Grouping Results)
  Which of the following searches will return all clientip addresses that start with 108?
  Tags: filtering data, where command, like function, string pattern matching
- Question #160 (Creating and Using Macros)
  What are search macros?
  Tags: search macros, Splunk search language, reusability
- Question #161 (Correlating Events)
  Which of the following options will define the first event in a transaction?
  Tags: transaction command, event correlation, SPL, startswith
- Question #162 (Basic Transforming Commands)
  The timechart command is an example of which of the following command types?
  Tags: timechart command, Transforming commands, SPL command types
- Question #163 (Creating and Using Workflow Actions)
  Which type of workflow action sends field values to an external resource (e.g. a ticketing system)?
  Tags: Workflow actions, HTTP POST, External integration, Data export
- Question #164 (Correlating Events)
  What fields does the transaction command add to the raw events? (select all that apply)
  Tags: transaction command, SPL commands, output fields, event correlation
- Question #165 (Creating Tags and Event Types)
  How are event types different from saved reports?
  Tags: Event Types, Saved Reports, Knowledge Objects, Time Ranges
- Question #166 (Correlating Events)
  When using the transaction command, how are evicted transactions identified?
  Tags: transaction command, evicted transactions, closed_txn field, event correlation
- Question #167 (Creating Tags and Event Types)
  Which of the following statements about tags is true?
  Tags: Tags, Data organization, Splunk search concepts
- Question #168 (Correlating Events)
  Which of the following describes the transaction command?
  Tags: transaction command, event grouping, SPL, event correlation
- Question #169 (Creating and Managing Fields)
  Which of the following eval commands will provide a new value for host from src if it exists?
  Tags: eval command, field manipulation, conditional logic, isnotnull
- Question #170 (Creating and Using Macros)
  A macro has another macro nested within it, and this inner macro requires an argument. How can the user pass this argument into the SPL?
  Tags: Macros, Nested macros, Macro arguments, Argument passing
- Question #171 (Creating Field Aliases and Calculated Fields)
  Which of the following statements about calculated fields in Splunk is true?
  Tags: calculated fields, field chaining, field creation, Splunk fields
- Question #172 (Correlating Events)
  Why would the following search produce multiple transactions instead of one?
  Tags: transaction command, maxspan, event correlation, troubleshooting
- Question #173 (Creating and Using Macros)
  How is a macro referenced in a search?
  Tags: Splunk Search Language, Macros, Macro Invocation, Search Syntax
- Question #174 (Creating and Using Workflow Actions)
  Which workflow action type performs a secondary search?
  Tags: workflow actions, secondary search, Splunk features
- Question #175 (Creating Field Aliases and Calculated Fields)
  Which of the following objects can a calculated field use as a source?
  Tags: Calculated Fields, Field Sources, Lookups, Knowledge Objects
- Question #176 (Basic Transforming Commands)
  Which of the following transforming commands can be used with transactions?
  Tags: Transforming commands, stats command, chart command, timechart command
- Question #177 (Creating and Managing Fields)
  If there are fields in the data with values that are " " or empty but not null, which of the following would add a value?
  Tags: fillnull command, eval command, empty field values, field manipulation
- Question #178 (Filtering and Grouping Results)
  Which syntax will find events where the values for one field match the values for the Renewal-MonthYear field?
  Tags: Splunk SPL, `where` command, Field comparison, Syntax
- Question #179 (Creating and Using Macros)
  Which syntax is used to represent an argument in a macro definition?
  Tags: Macros, Macro Definition, Arguments, Syntax
- Question #180 (Creating and Using Macros)
  Which of the following statements best describes a macro?
  Tags: Splunk macros, Knowledge objects, Search reusability, SPL components
- Question #181 (Creating Field Aliases and Calculated Fields)
  A field alias is created where field1=field2 and the Overwrite Field Values checkbox is selected. What happens if an event only contains values for field1?
  Tags: Field Aliases, Overwrite Field Values, Field Manipulation, Splunk Knowledge Objects
- Question #182 (Filtering and Grouping Results)
  Which search retrieves events with the event type web_errors?
  Tags: Splunk Search, Event Types, Filtering Events, SPL Syntax
- Question #183 (Creating Tags and Event Types)
  What is the correct syntax to find events associated with a tag?
  Tags: Splunk Search, Tags, Search Syntax, Event Filtering
- Question #184 (Creating and Using Workflow Actions)
  Which of the following examples would use a POST workflow action?
  Tags: Workflow actions, POST workflow, External integration, Event actions
- Question #185 (Creating and Managing Fields)
  Which field will be used to populate the field if the productName and productId fields have values for a given event?
  Tags: Multivalue fields, Field creation, Field population, Data types
- Question #186 (Filtering and Grouping Results)
  What are the expected results for a search that contains the command | where A=B?
  Tags: where command, filtering, field comparison, SPL
- Question #187 (Creating and Managing Fields)
  When would a user select delimited field extractions using the Field Extractor (FX)?
  Tags: Field Extraction, Delimited Data, Field Extractor, Data Parsing
- Question #188 (Creating Field Aliases and Calculated Fields)
  A calculated field is a shortcut for performing repetitive, long, or complex transformations using which of the following commands?
  Tags: Calculated Fields, eval command, Field creation, Data transformation
- Question #189 (Using Transforming Commands for Visualizations)
  A user runs the following search: index=X sourcetype=Y | chart count(domain) as count, sum(price) as sum by product, action usenull=f useother=f Which of the following table he...
  Tags: chart command, statistical functions, output formatting, grouping results
- Question #190 (Creating and Using Reports and Alerts)
  Which of the following is true about Pivot?
  Tags: Pivot, Reports, Visualizations, Data Model
- Question #191 (Data Models)
  Which tool uses data models to generate reports and dashboard panels without using SPL?
  Tags: Pivot, Data Models, Reports & Dashboards, GUI tools
- Question #192 (Creating Field Aliases and Calculated Fields)
  Which knowledge object is used to normalize field names to comply with the Splunk Common Information Model (CIM)?
  Tags: Field alias, CIM, Field normalization, Knowledge objects
- Question #193 (Creating Tags and Event Types)
  How is an event type created from the search window? (select all that apply)
  Tags: Event Type Creation, Splunk UI, Configuration Files, eventtypes.conf
- Question #194 (Correlating Events)
  Consider the following search: index=web sourcetype=access_combined The log shows several events that share the same jsessionid value (SD462K101O2F267). View the events as a group...
  Tags: transaction command, event grouping, event correlation, SPL
- Question #195 (Using the Common Information Model Add-On)
  Which of the following is true about the Splunk Common Information Model (CIM)?
  Tags: Common Information Model, CIM data models, Data model acceleration
- Question #196 (Creating and Using Macros)
  When defining a macro, what are the required elements?
  Tags: Splunk macros, Macro definition, Required elements, Knowledge objects
- Question #197 (Creating Field Aliases and Calculated Fields)
  Which of the following expressions could be used to create a calculated field called gigabytes?
  Tags: eval command, calculated fields, SPL syntax, field creation
- Question #198 (Using Transforming Commands for Visualizations)
  Consider the following search run over a time range of last 7 days: index=web sourcetype=access_combined | timechart avg(bytes) by product_name Which option is used to change t...
  Tags: timechart command, span option, time aggregation, transforming commands
- Question #199 (Filtering and Grouping Results)
  What commands can be used to group events from one or more data sources?
  Tags: Splunk commands, Event grouping, transaction command, stats command
- Question #200 (Creating Tags and Event Types)
  Tags can reference which of the following knowledge objects?
  Tags: Tags, Knowledge Objects, Field Management, Event Types