Free SPLK-1002 PDF exam materials and free samples for the Splunk certification for IT engineers. Real success guaranteed with updated SPLK-1002 PDF dumps and VCE materials. 100% pass the Splunk Core Certified Power User exam today!

Online SPLK-1002 free questions and answers of New Version:

NEW QUESTION 1

Which of the following statements describes macros?

  • A. A macro is a reusable search string that must contain the full search.
  • B. A macro is a reusable search string that must have a fixed time range.
  • C. A macro is a reusable search string that may have a flexible time range.
  • D. A macro is a reusable search string that must contain only a portion of the search.

Answer: C

NEW QUESTION 2

Which of the following knowledge objects represents the output of an eval expression?

  • A. Eval fields
  • B. Calculated fields
  • C. Field extractions
  • D. Calculated lookups

Answer: C

NEW QUESTION 3

These allow you to categorize events based on search terms. Select your answer.

  • A. Groups
  • B. Event Types
  • C. Macros
  • D. Tags

Answer: B

NEW QUESTION 4

Which of the following statements describe the command below? (select all that apply) sourcetype=access_combined | transaction JSESSIONID

  • A. An additional field named maxspan is created.
  • B. An additional field named duration is created.
  • C. An additional field named eventcount is created.
  • D. Events with the same JSESSIONID will be grouped together into a single event.

Answer: BCD

NEW QUESTION 5

Which of the following statements describes the use of the Field Extractor (FX)?

  • A. The Field Extractor automatically extracts all fields at search time.
  • B. The Field Extractor uses PERL to extract fields from the raw events.
  • C. Fields extracted using the Field Extractor persist as knowledge objects.
  • D. Fields extracted using the Field Extractor do not persist and must be defined for each search.

Answer: C

NEW QUESTION 6

Which workflow uses field values to perform a secondary search?

  • A. POST
  • B. Action
  • C. Search
  • D. Sub-Search

Answer: C

Explanation:
https://docs.splunk.com/Documentation/Splunk/8.0.2/Knowledge/CreateworkflowactionsinSplunkWeb

NEW QUESTION 7

When multiple event types with different color values are assigned to the same event, what determines the color displayed for the events?

  • A. Rank
  • B. Weight
  • C. Priority
  • D. Precedence

Answer: C

NEW QUESTION 8

What will you learn from the results of the following search? sourcetype=cisco_esa | transaction mid, dcid, icid | timechart avg(duration)

  • A. The average time elapsed during each transaction for all transactions
  • B. The average time for each event within each transaction
  • C. The average time between each transaction

Answer: A

NEW QUESTION 9

By default search results are not returned in ______ order.

  • A. Chronological
  • B. Reverse chronological
  • C. ASCII
  • D. Alphabetical

Answer: AD

NEW QUESTION 10

When using the transaction command, what does the argument maxspan do?

  • A. Sets the maximum total time between events in a transaction.
  • B. Sets the maximum length of all events within a transaction.
  • C. Sets the maximum total time between the earliest and latest events in a transaction.
  • D. Sets the maximum length that any single event can reach to be included in the transaction.

Answer: B

NEW QUESTION 11

Selected fields are displayed ______ each event in the search results.

  • A. below
  • B. interesting fields
  • C. other fields
  • D. above

Answer: A

NEW QUESTION 12

What does the Splunk Common Information Model (CIM) add-on include? (select all that apply)

  • A. Custom visualizations
  • B. Pre-configured data models
  • C. Fields and event category tags
  • D. Automatic data model acceleration

Answer: AC

NEW QUESTION 13

When using timechart, how many fields can be listed after a by clause? (Choose two)

  • A. because timechart doesn't support using a by clause.
  • B. because _time is already implied as the x-axis.
  • C. because one field would represent the x-axis and the other would represent the y-axis.
  • D. There is no limit specific to timechart.

Answer: BD

NEW QUESTION 14

What does the fillnull command replace null values with, if the value argument is not specified?

  • A. N/A
  • B. NaN
  • C. NULL

Answer: A

NEW QUESTION 15

When using the Field Extractor (FX), which of the following delimiters will work? (select all that apply)

  • A. Tabs
  • B. Pipes
  • C. Colons
  • D. Spaces

Answer: ABD

NEW QUESTION 16

A field alias has been created based on an original field. A search without any transforming commands is then executed in Smart Mode. Which field name appears in the results?

  • A. Both will appear in the All Fields list, but only if the alias is specified in the search.
  • B. Both will appear in the Interesting Fields list, but only if they appear in at least 20 percent of events.
  • C. The original field only appears in All Fields list and the alias only appears in the Interesting Fields list.
  • D. The alias only appears in the All Fields list and the original field only appears in the Interesting Fields list.

Answer: B

NEW QUESTION 17

Which of the following workflow actions can be executed from search results? (select all that apply)

  • A. GET
  • B. POST
  • C. LOOKUP
  • D. Search

Answer: ABD

NEW QUESTION 18

Which delimiters can the Field Extractor (FX) detect? (select all that apply)

  • A. Tabs
  • B. Pipes
  • C. Spaces
  • D. Commas

Answer: ABCD

NEW QUESTION 19

In which of the following scenarios is an event type more effective than a saved search?

  • A. When a search should always include the same time range.
  • B. When a search needs to be added to other users' dashboards.
  • C. When the search string needs to be used in future searches.
  • D. When formatting needs to be included with the search string.

Answer: D

NEW QUESTION 20

Which of the following are valid options to speed up reports? (Select all that apply.)

  • A. Edit permissions
  • B. Edit description
  • C. Edit acceleration
  • D. Edit schedule

Answer: C

NEW QUESTION 21

Which of the following statements describes this search? sourcetype=access_combined | transaction JSESSIONID | timechart avg(duration)

  • A. This is a valid search and will display a timechart of the average duration of each transaction event.
  • B. This is a valid search and will display a stats table showing the maximum pause among transactions.
  • C. No results will be returned because the transaction command must include the startswith and endswith options.
  • D. No results will be returned because the transaction command must be the last command used in the search pipeline.

Answer: A
