A calculated field may be based on which of the following?
A. Lookup tables
B. Extracted fields
C. Regular expressions
D. Fields generated within a search string
Answer: B
Explanation: As mentioned before, a calculated field is a field that you create based on the value of another field or fields....
It is mandatory for the lookup file to have this for an automatic lookup to work.
A. Source type
B. At least five columns
C. Timestamp
D. Input field
Answer: D
Which of the following statements describes POST workflow actions?
A. POST workflow actions are always encrypted.
B. POST workflow actions cannot use field values in their URI.
C. POST workflow actions cannot be created on custom sourcetypes.
D. POST workflow actions can open a web page in either the same...
Which of the following statements describe the search below? (select all that apply)
index=main | transaction clientip host maxspan=30s maxpause=5s
A. Events in the transaction occurred within 5 seconds.
B. It groups events that share the same clientip and host.
C. The first and last events are no more than...
Which is not a comparison operator in Splunk?
A. <=
B. =
C. !=
D. >
E. ?=
Answer: E
Explanation: A comparison operator is a symbol that compares two values and returns a Boolean result (true or false). Splunk supports various comparison operators such as <, >, =, !=,...
Which of the following statements describe calculated fields? (select all that apply)
A. Calculated fields can be used in the search bar.
B. Calculated fields can be based on an extracted field.
C. Calculated fields can only be applied to host and sourcetype.
D. Calculated fields are shortcuts for performing...
After manually editing a regular expression (regex), which of the following statements is true?
A. Changes made manually can be reverted in the Field Extractor (FX) UI.
B. It is no longer possible to edit the field extraction in the Field Extractor (FX) UI.
C. It is not possible to...
Which of the following statements describes Search workflow actions?
A. By default, Search workflow actions will run as a real-time search.
B. Search workflow actions can be configured as scheduled searches.
C. The user can define the time range of the search when creating the workflow action.
D. Search workflow...
What is the correct syntax to search for a tag associated with a value on a specific field?
A. Tag-<field?
B. Tag<field(tagname.)
C. Tag=<field>::<tagname>
D. Tag::<field>=<tagname>
Answer: D
Explanation: Reference: https://docs.splunk.com/Documentation/Splunk/8.0.3/Knowledge/TagandaliasfieldvaluesinSplunkWeb
A tag is a descriptive label that you can apply to one or more fields or field values...
When should you use the transaction command instead of the stats command?
A. When you need to group on multiple values.
B. When duration is irrelevant in search results.
C. When you have over 1000 events in a transaction.
D. When you need to group based on start and end...