SPLK-1002 Practice Questions

A.  

Run a search string and use the Save As button.

B.  

Use the New Event Type button from the Settings menu.

C.  

Use the Field Extractor to analyze and use the Save As button.

D.  

Select search criteria within the Event Type Builder.

A.  

Every event in the network index that does not have a value in this field.

B.  

Every event in the network index that does not contain a StatusCode of 200 and excluding events that do not have a value in this field.

C.  

Every event in the network index that does not contain a StatusCode of 200, including events that do not have a value in this field.

D.  

No results as the syntax is incorrect, the != field expression needs to be used instead of the NOT operator.

A.  

Events that contain the string value where A=

B.  

B.  

Events that contain the string value A=

B.  

C.  

Events where values of field are equal to values of field

B.  

D.  

Events where field A contains the string value

B.  

A.  

Regular expression

B.  

Delimiters

C.  

eval expression

D.  

table extraction

A.  

Streaming in some modes

B.  

Report generating

C.  

Distributable streaming

D.  

Centralized streaming

A.  

startswith

B.  

with

C.  

startingwith

D.  

firstevent

A.  

int()

B.  

count()

C.  

print()

D.  

tostring()

A.  

zoom out

B.  

selecting a bar on the timeline

C.  

deselect

D.  

selecting a range of bars on the timelines

A.  

Perform an external IP lookup based on a domain value found in events.

B.  

Use the field values in an HTTP error event to create a new ticket in an external system.

C.  

Launch secondary Splunk searches that use one or more field values from selected events.

D.  

Open a web browser to look up an HTTP status code.

A.  

POST

B.  

Drilldown

C.  

GET

D.  

Search