Which of the following statements describes macros?
A. A macro is a reusable search string that must contain the full search.
B. A macro is a reusable search string that must have a fixed time range.
C. A macro is a reusable search string that may have a flexible time...
Select this in the fields sidebar to automatically pipe your search results to the rare command.
A. events with this field
B. rare values
C. top values by time
D. top values
Answer: B
Explanation: The fields sidebar is a panel that shows the fields that are present in your...
We can use the rename command to _____ (Select all that apply.)
A. Change indexed fields
B. Exclude fields from our search results
C. Extract new fields from our data using regular expressions
D. Give a field a new name at search time
Answer: D
Which of the following eval command functions is valid?
A. Int ()
B. Count ( )
C. Print ()
D. Tostring ()
Answer: D
Explanation: The eval command supports a number of functions that you can use in your expressions to perform calculations, conversions, string manipulations and more. One of...
Which of the following searches will return events containing a tag named Privileged?
A. Tag= Priv
B. Tag= Pri*
C. Tag= Priv*
D. Tag= Privileged
Answer: B
Explanation: Reference: https://docs.splunk.com/Documentation/PCI/4.1.0/Install/PrivilegedUserActivity A tag is a descriptive label that you can apply to one or more fields or field values in your...
Data models are composed of one or more of which of the following datasets? (Select all that apply.)
A. Events datasets
B. Search datasets
C. Transaction datasets
D. Any child of event, transaction, and search datasets
Answer: A, B, C
Explanation: Reference: https://docs.splunk.com/Documentation/Splunk/8.0.3/Knowledge/Aboutdatamodels Data models are collections of datasets that...
What does the Splunk Common Information Model (CIM) add-on include? (Select all that apply.)
A. Custom visualizations
B. Pre-configured data models
C. Fields and event category tags
D. Automatic data model acceleration
Answer: B, C
Explanation: The Splunk Common Information Model (CIM) add-on is a collection of pre-built data models and...
A space is an implied _____ in a search string.
A. OR
B. AND
C. ()
D. NOT
Answer: B
Explanation: A space is an implied AND in a search string, which means that it acts as a logical operator that returns events that match both terms on either side...
Which of the following can be used with the eval command tostring function? (Select all that apply.)
A. "hex"
B. "commas"
C. "Decimal"
D. "duration"
Answer: A, B, D
Explanation: Reference: https://docs.splunk.com/Documentation/Splunk/8.1.0/SearchReference/ConversionFunctions#tostring.28X.2CY.29 The tostring function in the eval command converts a numeric value to a string value. It can take...
To identify all of the contributing events within a transaction that contains at least one REJECT event, which syntax is correct?
A. Index-main | REJECT trans sessionid
B. Index-main | transaction sessionid | search REJECT
C. Index=main | transaction sessionid | whose transaction=reject
D. Index=main | transaction sessionid | where...