Which of the following statements describe Auto-Extracted fields?

Data model fields can be added using the Auto-Extracted method. Which of the following statements describe Auto-Extracted fields? (select all that apply)
A. Auto-Extracted fields can be hidden in Pivot.
B. Auto-Extracted fields can have their data type changed.
C. Auto-Extracted fields can be given a friendly name for use...

September 14, 2024

Which command should be used first, the eval or the sort?

A user wants to convert numeric field values to strings and also to sort on those values. Which command should be used first, the eval or the sort?
A. It doesn't matter whether eval or sort is used first.
B. Convert the numeric to a string with eval first, then...

September 14, 2024

How does a user display a chart in stack mode?

How does a user display a chart in stack mode?
A. By using the stack command.
B. By turning on the Use Trellis Layout option.
C. By changing Stack Mode in the Format menu.
D. You cannot display a chart in stack mode, only a timechart.
Answer: C
Explanation: A...

September 13, 2024

If a search returns ____________ it can be viewed as a chart.

If a search returns ____________ it can be viewed as a chart.
A. timestamps
B. statistics
C. events
D. keywords
Answer: B
Explanation: If a search returns statistics, it can be viewed as a chart. Statistics are tabular data that show the relationship between two or more fields. You can...

September 12, 2024

When creating a Search workflow action, which field is required?

When creating a Search workflow action, which field is required?
A. Search string
B. Data model name
C. Permission setting
D. An eval statement
Answer: A
Explanation: Reference: https://docs.splunk.com/Documentation/Splunk/8.0.3/Knowledge/Setupasearchworkflowaction
A workflow action is a link that appears when you click an event field value in your search results. A workflow...

September 12, 2024

What functionality does the Splunk Common Information Model (CIM) rely on to normalize fields with different names?

What functionality does the Splunk Common Information Model (CIM) rely on to normalize fields with different names?
A. Macros.
B. Field aliases.
C. The rename command.
D. CIM does not work with different names for the same field.
Answer: B
Explanation: The Splunk Common Information Model (CIM) add-on helps you...

September 12, 2024

Which of the following searches will show the number of categoryId used by each host?

Which of the following searches will show the number of categoryId used by each host?
A. Sourcetype=access_* |sum bytes by host
B. Sourcetype=access_* |stats sum(categoryId) by host
C. Sourcetype=access_* |sum(bytes) by host
D. Sourcetype=access_* |stats sum by host
Answer: B

September 12, 2024

In this search, __________ will appear on the y-axis. SEARCH: sourcetype=access_combined status!=200 | chart count over host

In this search, __________ will appear on the y-axis.
SEARCH: sourcetype=access_combined status!=200 | chart count over host
A. status
B. host
C. count
Answer: C
Explanation: In this search, count will appear on the y-axis. This search uses the chart command to create a chart of the count...

September 12, 2024