Which of the following statements describe calculated fields? (select all that apply)
A. Calculated fields can be used in the search bar.
B. Calculated fields can be based on an extracted field.
C. Calculated fields can only be applied to host and sourcetype.
D. Calculated fields are shortcuts for performing...

Calculated fields can be based on which of the following?
A. Tags
B. Extracted fields
C. Output fields for a lookup
D. Fields generated from a search string
Answer: B
Explanation: Reference: https://docs.splunk.com/Documentation/Splunk/8.0.3/Knowledge/definecalcfields
A calculated field is a field that you create based on the value of another field or...

In what order are the following knowledge objects/configurations applied?
A. Field Aliases, Field Extractions, Lookups
B. Field Extractions, Field Aliases, Lookups
C. Field Extractions, Lookups, Field Aliases
D. Lookups, Field Aliases, Field Extractions
Answer: B
Explanation: Reference: https://docs.splunk.com/Documentation/Splunk/8.0.3/Knowledge/WhatisSplunkknowledge
Knowledge objects are entities that you create to add knowledge to your...

Based on the macro definition shown below, what is the correct way to execute the macro in a search string?
A. Convert_sales (euro, , 79)”
B. Convert_sales (euro, , .79)
C. Convert_sales ($euro,$$,s79$
D. Convert_sales ($euro, $$,S,79$)
Answer: B
Explanation: Reference: https://docs.splunk.com/Documentation/Splunk/8.0.3/Knowledge/Usesearchmacros
The correct way to execute the macro...

Highlighted search terms indicate _________ search results in Splunk.
A. Display as selected fields.
B. Sorted
C. Charted based on time
D. Matching
Answer: D
Explanation: Highlighted search terms indicate matching search results in Splunk, which means that they show which parts of your events match your search string. For...

The limit attribute will ___________.
A. override default of 10
B. only work with top command
C. override default of 20
D. override default of 15
Answer: A

Which of the following search controls will not re-run the search? (Select all that apply.)
A. zoom out
B. selecting a bar on the timeline
C. deselect
D. selecting a range of bars on the timelines
Answer: B, C, D
Explanation: The timeline is a graphical representation of your search...

To identify all of the contributing events within a transaction that contains at least one REJECT event, which syntax is correct?
A. Index-main | REJECT trans sessionid
B. Index-main | transaction sessionid | search REJECT
C. Index=main | transaction sessionid | whose transaction=reject
D. Index=main | transaction sessionid | where...

When using the Field Extractor (FX), which of the following delimiters will work? (select all that apply)
A. Tabs
B. Pipes
C. Colons
D. Spaces
Answer: A, B, D
Explanation: Reference: https://docs.splunk.com/Documentation/Splunk/8.0.3/Knowledge/FXSelectMethodstep https://community.splunk.com/t5/Splunk-Search/Field-Extraction-Separate-on-Colon/m-p/29751
The Field Extractor (FX) is a tool that helps you extract fields from your data using delimiters...

Which of the following statements describes the command below (select all that apply)
Sourcetype=access_combined | transaction JSESSIONID
A. An additional field named maxspan is created.
B. An additional field named duration is created.
C. An additional field named eventcount is created.
D. Events with the same JSESSIONID will be grouped...