SPLK-1002
Question 26
For the following search, which field populates the x-axis?
index=security sourcetype=linux_secure | timechart count by action
- A: _time
- B: sourcetype
- C: action
- D: time
Question 27
Which knowledge object is used to normalize field names to comply with the Splunk Common Information Model (CIM)?
- A: Event types
- B: Tags
- C: Field alias
- D: Search workflow action
Question 28
Which of the following transforming commands can be used with transactions?
- A: chart, timechart, stats, eventstats
- B: chart, timechart, stats, diff
- C: chart, timechart, stats, pivot
- D: chart, timechart, datamodel, pivot
Question 29
What is the correct format for naming a macro with multiple arguments?
- A: monthly_sales[3]
- B: monthly_sales(3)
- C: monthly_sales(argument 1, argument 2, argument 3)
- D: monthly_sales[argument 1, argument 2, argument 3]
Question 30
What are search macros?
- A: A method to normalize fields.
- B: Lookup definitions in lookup tables.
- C: Categories of search results.
- D: Reusable pieces of search processing language.
Question 31
How is a macro referenced in a search?
- A: By using the macroname command.
- B: By enclosing the macro name in single-quote characters (').
- C: By using the macro command.
- D: By enclosing the macro name in backtick characters (`).
Question 32
Which search string would only return results for an event type called successful_purchases?
- A: successful_purchases
- B: Event_Type::successful_purchases
- C: tag=successful_purchases
- D: eventtype=successful_purchases
Question 33
In the Field Extractor, when would the regular expression method be used?
- A: When events contain table-based data.
- B: When events contain comma-separated data.
- C: When events contain JSON data.
- D: When events contain unstructured data.
Question 34
Which of the following is true about data model attributes?
- A: They can only be added into a root search dataset.
- B: They cannot be created within the data model.
- C: They can be added to a dataset from search time field extractions.
- D: They cannot be edited if inherited from a parent dataset.
Question 35
Which of the following knowledge objects represents the output of an eval expression?
- A: Eval fields
- B: Calculated fields
- C: Field extractions
- D: Calculated lookups
Question 36
How is a variable for a macro defined?
- A: Place the variable name inside of percentage signs: %variable name%.
- B: Place the variable name inside of curly braces: {variable name}.
- C: Place the variable name inside of dollar signs: $variable name$.
- D: Place the variable name inside of asterisks: *variable name*.
Question 37
Which field will be used to populate the productINFO field if the productName and productId fields have values for a given event?
| eval productINFO=coalesce(productName, productId)
- A: The value for the productName field because it appears first.
- B: Neither field value will be used and the productINFO field will be assigned a NULL value for the given event.
- C: The value for the productId field because it appears second.
- D: Both field values will be used and the productINFO field will become a multivalue field for the given event.