Page 1 out of 13. Viewing questions 1-15 out of 181
Question 1
Calculated fields can be based on which of the following?
A.
Tags
B.
Extracted fields
C.
Output fields for a lookup
D.
Fields generated from a search string
Answer:
B
"Calculated fields can reference all types of field extractions and field aliasing, but they cannot reference lookups, event types, or tags."
Discussions
nicolai
3 months ago
Extracted fields
gregory.armstrong
1 month, 3 weeks ago
B. Extracted Fields
Question 2
Which of the following eval command functions is valid?
A.
int()
B.
count()
C.
print()
D.
tostring()
Answer:
D
Reference: //docs.splunk.com/Documentation/Splunk/latest/SearchReference/CommonEvalFunctions
Question 3
Which of the following statements describes the use of the Field Extractor (FX)?
A.
The Field Extractor automatically extracts all fields at search time.
B.
The Field Extractor uses PERL to extract fields from the raw events.
C.
Fields extracted using the Field Extractor persist as knowledge objects.
D.
Fields extracted using the Field Extractor do not persist and must be defined for each search.
Answer:
C
Question 4
Which of the following searches show a valid use of a macro? (Choose all that apply.)
A.
index=main source=mySource oldField=* | `makeMyField(oldField)` | table _time newField
C.
index=main source=mySource oldField=* | eval newField=makeMyField(oldField)| table _time newField
D.
index=main source=mySource oldField=* | "newField(makeMyField(oldField))" | table _time newField
Answer:
AC
Question 5
What is the correct format for naming a macro with multiple arguments?
A.
monthly_sales(argument 1, argument 2, argument 3)
B.
monthly_sales(3)
C.
monthly_sales[3]
D.
monthly_sales[argument 1, argument 2, argument 3)
Answer:
C
Question 6
Which statement is true?
A.
Pivot is used for creating datasets.
B.
Data models are randomly structured datasets.
C.
Pivot is used for creating reports and dashboards.
D.
In most cases, each Splunk user will create their own data model.
Answer:
C
Question 7
What is the Splunk Common Information Model (CIM)?
A.
The CIM is a prerequisite that any data source must meet to be successfully onboarded into Splunk.
B.
The CIM provides a methodology to normalize data from different sources and source types.
C.
The CIM defines an ecosystem of apps that can be fully supported by Splunk.
D.
The CIM is a data exchange initiative between software vendors.
Answer:
B
Question 8
How is a Search Workflow Action configured to run at the same time range as the original search?
A.
Set the earliest time to match the original search.
B.
Select the same time range from the time-range picker.
C.
Select the "Use the same time range as the search that created the field listing" checkbox.
D.
Select the "Overwrite time range with the original search" checkbox.
Answer:
C
Question 9
What does the fillnull command replace null values with, if the value argument is not specified?
A.
0
B.
N/A
C.
NaN
D.
NULL
Answer:
A
Question 10
Which of the following searches will return events containing a tag named Privileged?
A.
tag=Priv
C.
tag=priv*
D.
tag=privileged
Answer:
B
Question 11
Data models are composed of one or more of which of the following datasets? (select all that apply)
A.
Transaction datasets
B.
Events datasets
C.
Search datasets
D.
Any child of event, transaction, and search datasets
Answer:
ABC
Data model datasets have a hierarchical relationship with each other, meaning they have parent-child relationships. Data models can contain multiple dataset hierarchies. There are three dataset types: event, search, and transaction.
Question 12
Consider the following search: Index=web sourcetype=access_combined The log shows several events that share the same JSESSIONID value (SD404K289O2F151). View the events as a group. From the following list, which search groups events by JSESSIONID?
A.
index=web sourcetype=access_combined SD404K289O2F151 | table JSESSIONID
B.
index=web sourcetype=access_combined JSESSIONID <SD404K289O2F151>
C.
index=web sourcetype=access_combined | highlight JSESSIONID | search SD404K289O2F151
D.
index-web sourcetype=access_combined | transaction JSESSIONID | search SD404K289O2F151
Answer:
B
Question 13
What happens when a user edits the regular expression (regex) field extraction generated in the Field Extractor (FX)?
A.
There is a limit to the number of fields that can be extracted.
B.
The user is unable to preview the extractions.
C.
The extraction is added at index time.
D.
The user is unable to return to the automatic field extraction workflow.
Answer:
A
Question 14
Which of the following is one of the pre-configured data models included in the Splunk Common Information Model (CIM) add-on?
A.
Access
B.
Accounting
C.
Authorization
D.
Authentication
Answer:
D
Question 15
Which of the following statements describes calculated fields?
A.
Calculated fields are only used on fields added by lookups.
B.
Calculated fields are a shortcut for repetitive and complex eval commands.
C.
Calculated fields are a shortcut for repetitive and complex calc commands.
D.
Calculated fields automatically calculate the simple moving average for indexed fields.