
SPLK-1002 Practice Exam Questions and Answers

Splunk Core Certified Power User Exam

Last Update 1 day ago
Total Questions : 248


Question # 1

Which of the following searches will return events containing a tag named Privileged?

Options:

A.  

tag=Priv

B.  

tag=Priv*

C.  

tag=priv*

D.  

tag=privileged

Question # 2

When using the transaction command, what does the argument maxspan do?

Options:

A.  

Sets the maximum total time between events in a transaction.

B.  

Sets the maximum length of all events within a transaction.

C.  

Sets the maximum total time between the earliest and latest events in a transaction.

D.  

Sets the maximum length that any single event can reach to be included in the transaction.

Question # 3

By default, how is acceleration configured in the Splunk Common Information Model (CIM) add-on?

Options:

A.  

Turned off

B.  

Turned on

C.  

Determined automatically based on the sourcetype.

D.  

Determined automatically based on the data source.

Question # 4

A report scheduled to run every 15 minutes, but which takes 17 minutes to complete, is in danger of being _____.

Options:

A.  

skipped or deferred

B.  

automatically accelerated

C.  

deleted

D.  

all of the above

Question # 5

During the validation step of the Field Extractor workflow:

Select your answer.

Options:

A.  

You can remove values that aren't a match for the field you want to define

B.  

You can validate where the data originated from

C.  

You cannot modify the field extraction

Question # 6

Where are the results of eval commands stored?

Options:

A.  

In a field.

B.  

In an index.

C.  

In a KV Store.

D.  

In a database.

Question # 7

Data models are composed of one or more of which of the following datasets? (select all that apply)

Options:

A.  

Transaction datasets

B.  

Events datasets

C.  

Search datasets

D.  

Any child of event, transaction, and search datasets

Question # 8

Which of the following searches will return events containing a tag named Privileged?

Options:

A.  

tag=Priv

B.  

tag=Pri*

C.  

tag=Priv*

D.  

tag=Privileged

Question # 9

Highlighted search terms indicate _________ search results in Splunk.

Options:

A.  

Display as selected fields.

B.  

Sorted

C.  

Charted based on time

D.  

Matching

Question # 10

Which of the following searches would return a report of sales by product-name?

Options:

A.  

chart sales by product_name

B.  

chart sum(price) as sales by product_name

C.  

stats sum(price) as sales over product_name

D.  

timechart list(sales), values(product_name)

Question # 11

A user wants to convert numeric field values to strings and also to sort on those values.

Which command should be used first, the eval or the sort?

Options:

A.  

It doesn't matter whether eval or sort is used first.

B.  

Convert the numeric to a string with eval first, then sort.

C.  

Use sort first, then convert the numeric to a string with eval.

D.  

You cannot use the sort command and the eval command on the same field.

Question # 12

Which of the following statements describe the search below? (select all that apply)

index=main | transaction clientip host maxspan=30s maxpause=5s

Options:

A.  

Events in the transaction occurred within 5 seconds.

B.  

It groups events that share the same clientip and host.

C.  

The first and last events are no more than 5 seconds apart.

D.  

The first and last events are no more than 30 seconds apart.

Question # 13

Which of the following statements describes this search?

sourcetype=access_combined | transaction JSESSIONID | timechart avg(duration)

Options:

A.  

This is a valid search and will display a timechart of the average duration of each transaction event.

B.  

This is a valid search and will display a stats table showing the maximum pause among transactions.

C.  

No results will be returned because the transaction command must include the startswith and endswith options.

D.  

No results will be returned because the transaction command must be the last command used in the search pipeline.

Question # 14

Which of the following eval command functions is valid?

Options:

A.  

int()

B.  

count()

C.  

print()

D.  

tostring()

Question # 15

Which of the following statements describe the Common Information Model (CIM)? (select all that apply)

Options:

A.  

CIM is a methodology for normalizing data.

B.  

CIM can correlate data from different sources.

C.  

The Knowledge Manager uses the CIM to create knowledge objects.

D.  

CIM is an app that can coexist with other apps on a single Splunk deployment.

Question # 16

When performing a regular expression (regex) field extraction using the Field Extractor (FX), what happens when the require option is used?

Options:

A.  

The regex can no longer be edited.

B.  

The field being extracted will be required for all future events.

C.  

The events without the required field will not display in searches.

D.  

Only events with the required string will be included in the extraction.

Question # 17

Which of the following searches shows a valid use of a macro? (Select all that apply)

Options:

A.  

index=main source=mySource oldField=* | `makeMyField(oldField)` | table _time newField

B.  

index=main source=mySource oldField=* | stats if(`makeMyField(oldField)`) | table _time newField

C.  

index=main source=mySource oldField=* | eval newField=`makeMyField(oldField)` | table _time newField

D.  

index=main source=mySource oldField=* | "`newField(`makeMyField(oldField)`)`" | table _time newField

Question # 18

Which of the following statements about tags is true?

Options:

A.  

Tags are case insensitive.

B.  

Tags are created at index time.

C.  

Tags can make your data more understandable.

D.  

Tags are searched by using the syntax tag::

Question # 19

When multiple event types with different color values are assigned to the same event, what determines the color displayed for the events?

Options:

A.  

Rank

B.  

Weight

C.  

Priority

D.  

Precedence

Question # 20

What is the correct syntax to search for a tag associated with a value on a specific field?

Options:

A.  

Tag-

B.  

Tag

C.  

Tag=::

D.  

Tag::=

Question # 21

Which of the following statements describe the search below? (select all that apply)

sourcetype=access_combined | transaction JSESSIONID

Options:

A.  

An additional field named maxspan is created.

B.  

An additional field named duration is created.

C.  

An additional field named eventcount is created.

D.  

Events with the same JSESSIONID will be grouped together into a single event.

Question # 22

What does the transaction command do?

Options:

A.  

Groups a set of transactions based on time.

B.  

Creates a single event from a group of events.

C.  

Separates two events based on one or more values.

D.  

Returns the number of credit card transactions found in the event logs.

Question # 23

Which of the following statements describes Search workflow actions?

Options:

A.  

By default, Search workflow actions will run as a real-time search.

B.  

Search workflow actions can be configured as scheduled searches.

C.  

The user can define the time range of the search when creating the workflow action.

D.  

Search workflow actions cannot be configured with a search string that includes the transaction command.

Question # 24

When should transaction be used?

Options:

A.  

Only in a large distributed Splunk environment.

B.  

When calculating results from one or more fields.

C.  

When event grouping is based on start/end values.

D.  

When grouping events results in over 1000 events in each group.

Question # 25

Which of these is NOT a field that is automatically created with the transaction command?

Options:

A.  

maxcount

B.  

duration

C.  

eventcount

Question # 26

Use the dedup command to _____.

Options:

A.  

Rename a field in the index

B.  

remove duplicate values

C.  

provide an additional alias for the field that can

D.  

be used in the search criteria

Question # 27

When a search returns __________, you can view the results as a list.

Options:

A.  

a list of events

B.  

transactions

C.  

statistical values
