SPLK-1002 Dumps
SPLK-1002 Braindumps SPLK-1002 Real Questions SPLK-1002 Practice Test SPLK-1002 Actual Questions
Splunk Core Certified Power User
https://killexams.com/pass4sure/exam-detail/SPLK-1002
Question: 168
Which of the following statements about event types is true? (select all that apply) A . Event types can be tagged.
B . Event types must include a time range,
C . Event types categorize events based on a search.
D . Event types can be a useful method for capturing and sharing knowledge.
Reference: https://www.edureka.co/blog/splunk-events-event-types-and-tags/
Question: 169
To identify all of the contributing events within a transaction that contains at least one REJECT event, which syntax is correct?
A . Index-main | REJECT trans sessionid
B . Index-main | transaction sessionid | search REJECT
C . Index=main | transaction sessionid | whose transaction=reject D . Index=main | transaction sessionid | where transaction=reject’’
Question: 170
Which of the following statements describe data model acceleration? (select all that apply) A . Root events cannot be accelerated.
B . Accelerated data models cannot be edited. C . Private data models cannot be accelerated.
D . You must have administrative permissions or the accelerate_dacamodel capability to accelerate a data model.
Question: 171
Which of the following statements would help a user choose between the transaction and stars commands? A . stats can only group events using IP addresses.
B . The transaction command is faster and more efficient.
C . There is a 1000 event limitation with the transaction command.
D . Use stats when the events need to be viewed as a single correlated event.
Reference: https://docs.splunk.com/Documentation/Splunk/8.0.3/SearchReference/Transaction
Question: 172
Which one of the following statements about the search command is true? A . It does not allow the use of wildcards.
B . It treats field values in a case-sensitive manner.
C . It can only be used at the beginning of the search pipeline. D . It behaves exactly like search strings before the first pipe.
Reference: https://docs.splunk.com/Documentation/SplunkCloud/8.0.2003/Search/Usethesearchcommand
Question: 173
When using the Field Extractor (FX), which of the following delimiters will work? (Choose all that apply.) A . Tabs
B . Pipes C . Colons D . Spaces
Reference: https://docs.splunk.com/Documentation/Splunk/8.0.3/Knowledge/FXSelectMethodstep
Question: 174
When can a pipe follow a macro?
A . A pipe may always follow a macro. B . The current user must own the macro.
C . The macro must be defined in the current app.
D . Only when sharing is set to global for the macro.
Question: 175
Data models are composed of one or more of which of the following datasets? (Choose all that apply.)
A . Events datasets B . Search datasets
C . Transaction datasets
D . Any child of event, transaction, and search datasets
Reference: https://docs.splunk.com/Documentation/Splunk/8.0.3/Knowledge/Aboutdatamodels
Question: 176
Based on the macro definition shown below, what is the correct way to execute the macro in a search string?
A . "convert_sales(euro,,.79)" B . ‘convert_sales(euro,,.79)’
C . "convert_sales($euro$,$$,$.79$)" D . ‘convert_sales($euro$,$$,$.79$)’
Reference: https://docs.splunk.com/Documentation/Splunk/8.0.3/Knowledge/Usesearchmacros
Question: 177
Which of the following actions can the eval command perform? A . Remove fields from results.
B . Create or replace an existing field.
C . Group transactions by one or more fields.
D . Save SPL commands to be reused in other searches.
Question: 178
Which group of users would most likely use pivots? A . Users
B . Architects
C . Administrators
D . Knowledge Managers
Reference: https://docs.splunk.com/Documentation/Splunk/8.0.3/Pivot/IntroductiontoPivot
Question: 179
Which delimiters can the Field Extractor (FX) detect? (Choose all that apply.) A . Tabs
B . Pipes C . Spaces
D . Commas
Reference: https://docs.splunk.com/Documentation/Splunk/8.0.3/Knowledge/FXSelectMethodstep
Question: 180
Which of the following statements describe the Common Information Model (CIM)? (Choose all that apply.) A . CIM is a methodology for normalizing data.
B . CIM can correlate data from different sources.
C . The Knowledge Manager uses the CIM to create knowledge objects.
D . CIM is an app that can coexist with other apps on a single Splunk deployment.
Explanation:
Reference: https://docs.splunk.com/Documentation/CIM/4.15.0/User/Overview
Question: 181
There are several ways to access the field extractor.
Which option automatically identifies the data type, source type, and sample event? A . Event Actions > Extract Fields
B . Fields sidebar > Extract New Fields
C . Settings > Field Extractions > New Field Extraction D . Settings > Field Extractions > Open Field Extractor
Reference: https://docs.splunk.com/Documentation/Splunk/8.0.4/Knowledge/Managesearchtimefieldextractions
Question: 182
Which of the following knowledge objects represents the output of an eval expression? A . Eval fields
B . Calculated fields C . Field extractions
D . Calculated lookups
Reference: https://docs.splunk.com/Splexicon:Calculatedfield
Question: 183
By default, how is acceleration configured in the Splunk Common Information Model (CIM) add-on? A . Turned off.
B . Turned on.
C . Determined automatically based on the source type. D . Determined automatically based on the data source.
Question: 184
What do events in a transaction have in common?
A . All events in a transaction must have the same timestamp. B . All events in a transaction must have the same source type.
C . All events in a transaction must have the exact same set of fields. D . All events in a transaction must be related by one or more fields.
Reference: https://docs.splunk.com/Documentation/Splunk/8.0.3/Knowledge/Abouttransactions
Question: 185
When multiple event types with different color values are assigned to the same event, what determines the color displayed for the event?
A . Rank B . Weight C . Priority
D . Precedence
Reference: https://docs.splunk.com/Documentation/SplunkCloud/8.0.2003/Knowledge/Defineeventtypes