2023 Splunk SPLK-1002 Exam Dumps Questions

Category:

Comments:

0 Comments

Post Date:

October 14, 2023

Splunk certification is a highly valuable and sought-after certification for IT professionals seeking to enhance their knowledge and expertise. SPLK-1002 exam is specifically designed to validate the skills required to configure and maintain the Splunk Core Certified Power User platform, which is widely used by businesses around the world. These SPLK-1002 exam dumps questions are specifically designed to help you prepare for the exam by testing your knowledge and providing you with valuable insights into the types of questions that you will encounter. Test free Splunk SPLK-1002 exam questions below.

Page 1 of 9

1. Which command can include both an over and a by clause to divide results into sub-groupings?

chart

stats

xyseries

transaction

2. Data model are composed of one or more of which of the following datasets? (select all that apply.)

Events datasets

Search datasets

Transaction datasets

Any child of event, transaction, and search datasets

3. Which of the following file formats can be extracted using a delimiter field extraction?

CSV

PDF

XML

JSON

4. What does the fillnull command replace null values with, it the value argument is not specified?

N/A

NaN

NULL

5. Which type of workflow action sends field values to an external resource (e.g. a ticketing system)?

POST

GET

Format

6. The time range specified for a historical search defines the ____________ .------questionable on ans

Amount of data shown on the timeline as data streams in

Amount of data fetched from index matching that time range

Time range for the static results

7. When extracting fields, we may choose to use our own regular expressions

True

False

8. Which workflow action type performs a secondary search?

POST

Drilldown

GET

9. What type of command is eval?

Streaming in some modes

Report generating

Distributable streaming

Centralized streaming

10. The fields sidebar does not show________. (Select all that apply.)

interesting fields

selected fields

all extracted fields

Page 2 of 9

11. How is a variable for a macro defined?

Place the variable name inside of curly braces: {variable name}.

Place the variable name inside of asterisks: variable name.

Place the variable name inside of dollar signs: $variable name$.

Place the variable name inside of percentage signs: %variable name%.

12. When should the regular expression mode of Field Extractor (FX) be used? (select all that apply)

For data cleanly separated by a space, a comma, or a pipe character.

For data in a CSV (comma-separated value) file.

For data with multiple, different characters separating fields.

For unstructured data.

13. What is the correct way to name a macro with two arguments?

us_sales2

us_sales(1,2)

us_sale,2

us_sales(2)

14. When using | timechart by host, which field is represented in the x-axis?

date

host

time

_time

15. If a calculated field has the same name as an extracted field, what happens to the extracted field?

The calculated field will override the extracted field.

The calculated and extracted fields will be combined.

The calculated field will duplicate the extracted field.

An error will be returned and the search will fail.

16. What other syntax will produce exactly the same results as | chart count over vendor_action by user?

| chart count by vendor_action, user

| chart count over vendor_action, user

| chart count by vendor_action over user

| chart count over user by vendor_action

17. A field alias is created where field1―fieid2 and the Overwrite Field Values checkbox is selected.

What happens if an event only contains values for fieid1?

field2 values are removed from the events.

field1 and field2 values are merged.

field2 values are unchanged.

field2 values are replaced with the value of the field1.

18. When creating a data model, which root dataset requires at least one constraint?

Root transaction dataset

Root event dataset

Root child dataset

Root search dataset

19. When using transaction, what is the default maximum span between events?

Unlimited

20. Which of the following definitions describes a macro named "samplemacro" that accepts two arguments?

Examplemacro [1,2]

samplemacro(1,2)

u amp -CJEUCXG (2)

samplemacro[2]

Page 3 of 9

21. Which workflow action method can be used the action type is set to link?

GET

PUT

UPDATE

22. Information needed to create a GET workflow action includes which of the following? (select all that apply.)

A name of the workflow action

A URI where the user will be directed at search time.

A label that will appear in the Event Action menu at search time.

A name for the URI where the user will be directed at search time.

23. How does a user display a chart in stack mode?

By using the stack command.

By turning on the Use Trellis Layout option.

By changing Stack Mode in the Format menu.

You cannot display a chart in stack mode, only a timechart.

24. A POST workflow action will pass which types of arguments to an external website?

Clear text only.

A mix of clear text strings and variables.

It can only send raw event data.

Variables only.

25. Which of the following statements describes an event type?

A log level measurement: info, warn, error.

A knowledge object that is applied before fields are extracted.

A field for categorizing events based on a search string.

Either a log, a metric, or a trace.

26. A data model can consist of what three types of datasets?

Pivot, searches, and events.

Pivot, events, and transactions.

Searches, transactions, and pivot.

Events, searches, and transactions.

27. Which of the following statements about tags is true?

Tags are case insensitive.

Tags can make your data more understandable.

Tags are created at index time.

Tags are searched by using the syntax tag :: .

28. Which of the following searches would create a graph similar to the one below?

index_internal seourcetype=Savesplunker | fields sourcetype, status | transaction status maxspan-id | start count states

index_internal seourcetype=Savesplunker | fields sourcetype, status | transaction status maxspan-id | chart count states by -time

index_internal seourcetype=Savesplunker | fields sourcetype, status | transaction status maxspan-id | timechart count by status

None of these searches would generate a similart graph.

29. Field aliases are used to __________ data

clean

transform

calculate

normalize

30. There are several ways to access the field extractor.

Which option automatically identifies data type, source type, and sample event?

Event Actions > Extract Fields

Fields sidebar > Extract New Field

Settings > Field Extractions > New Field Extraction

Settings > Field Extractions > Open Field Extraction

Page 4 of 9

31. Which of the following statements describes Search workflow actions?

By default. Search workflow actions will run as a real-time search.

Search workflow actions can be configured as scheduled searches,

The user can define the time range of the search when created the workflow action.

Search workflow actions cannot be configured with a search string that includes the transaction command

32. Which of the following statements describes the command below (select all that apply)

Sourcetype=access_combined | transaction JSESSIONID

An additional filed named maxspan is created.

An additional field named duration is created.

An additional field named eventcount is created.

Events with the same JSESSIONID will be grouped together into a single event.

33. Which of the following data models are included in the Splunk Common Information Model (CIM)

add-on? (select all that apply)

User permissions

Alerts

Databases

34. Where are the descriptions of the data models that come with the Splunk Common Information Model (CIM) Add-on documented?

Search and reporting user manual.

CIM Add-on manual.

Pivot users manual.

Datamodel command reference guide.

35. When performing a regex field extraction with the Field Extractor (FX), a data type must be chosen before a sample event can be selected.

Which of the following data types are supported?

index or source

sourcetype or host

index or sourcetype

sourcetype or source

36. What is a benefit of installing the Splunk Common Information Model (CIM) add-on?

It permits users to create workflow actions to align with industry standards.

It provides users with a standardized set of field names and tags to normalize data.

It allows users to create 3-D models of their data and export these visualizations.

It enables users to itemize their events based on the results of the Search Job Inspector.

37. Use this command to use lookup fields in a search and see the lookup fields in the field sidebar.

inputlookup

lookup

38. Select this in the fields sidebar to automatically pipe you search results to the rare command

events with this field

rare values

top values by time

top values

39. Which of the following is true about data model attributes?

They cannot be created within the data model.

They can only be added into a root search dataset.

They cannot be edited if inherited from a parent dataset.

They can be added to a dataset from search time field extractions.

40. What does the fillnull command replace null values with, if the value argument is not specified?

N/A

NaN

NULL

Page 5 of 9

41. How is a Search Workflow Action configured to run at the same time range as the original search?

Set the earliest time to match the original search.

Select the same time range from the time-range picker.

Select the "Use the same time range as the search that created the field listing" checkbox.

Select the "Overwrite time range with the original search" checkbox.

42. Which of the following describes the Splunk Common Information Model (CIM) add-on?

The CIM add-on uses machine learning to normalize data.

The CIM add-on contains dashboards that show how to map data.

The CIM add-on contains data models to help you normalize data.

The CIM add-on is automatically installed in a Splunk environment.

43. Which tool uses data models to generate reports and dashboard panels without using SPL?

Visualization tab

Pivot

Datasets

splunk CIM

44. It is mandatory for the lookup file to have this for an automatic lookup to work.

Source type

At least five columns

Timestamp

Input filed

45. Which of the following is true about Pivot?

Users can save reports from Pivot.

Users cannot share visualizations created with Pivot.

Users must use SPL to find events in a Pivot.

Users cannot create visualizations with Pivot.

46. __________ datasets can be added to root dataset to narrow down the search

parent

extracted

event

child

47. How is a Search Workflow Action configured to run at the same time range as the original search?

Select the "Overwrite time range with the original search" checkbox.

Select the "Use the same time range as the search that created the field listing" checkbox.

Set the earliest time to match the original search.

Select the same time range from the time-range picker.

48. The eval command allows you to do which of the following? (Choose all that apply.)

Format values

Convert values

Perform calculations

Use conditional statements

49. A field alias has been created based on an original field. A search without any transforming commands is then executed in Smart Mode.

Which field name appears in the results?

Both will appear in the All Fields list, but only if the alias is specified in the search.

Both will appear in the Interesting Fields list, but only if they appear in at least 20 percent of events.

The original field only appears in All Fields list and the alias only appears in the Interesting Fields list.

The alias only appears in the All Fields list and the original field only appears in the Interesting Fields list.

50. What is the correct syntax to find events associated with a tag?

tag:=

tags=

tags:=

tag=

Page 6 of 9

51. In the Field Extractor, when would the regular expression method be used?

When events contain JSON data.

When events contain comma-separated data.

When events contain unstructured data.

When events contain table-based data.

52. In which Settings section are macros defined?

Fields

Tokens

Advanced Search

Searches, Reports, Alerts

53. How many ways are there to access the Field Extractor Utility?

54. Which of these is NOT a field that is automatically created with the transaction command?

maxcount

duration

eventcount

55. Which of the following searches would return a report of sales by product-name?

chart sales by product_name

chart sum(price) as sales by product_name

stats sum(price) as sales over product_name

timechart list(sales), values(product_name)

56. Which of the following statements describe data model acceleration? (select all that apply)

Root events cannot be accelerated.

Accelerated data models cannot be edited.

Private data models cannot be accelerated.

You must have administrative permissions or the accelerate_dacamodel capability to accelerate a data model.

57. In the Field Extractor Utility, this button will display events that do not contain extracted fields.

Select your answer.

Selected-Fields

Non-Matches

Non-Extractions

Matches

58. The Splunk Common Information Model (CIM) is a collection of what type of knowledge object?

KV Store

Lookups

Saved searches

Data models

59. Which of the following searches will return events contains a tag name Privileged?

Tag= Priv

Tag= Pri*

Tag= Priv*

Tag= Privileged

60. When using the Field Extractor (FX), which of the following delimiters will work? (select all that apply)

Tabs

Pipes

Colons

Spaces

Page 7 of 9

61. Which of the following are required to create a POST workflow action?

Label, URI, search string.

XMI attributes, URI, name.

Label, URI, post arguments.

URI, search string, time range picker.

62. When used with the timechart command, which value of the limit argument returns all values?

limit=*

limit=all

limit=none

limit=0

63. The macro weekly sales (2) contains the search string:

index=games | eval ProductSales = $Price$ * $AmountSold$ Which of the following will return results?

‘weekly sales (3)’

‘weekly_sales($3.995, $108)’

'weekly_sales (3.99, 10)’

‘weekly sales (3.99, 10)’

64. Using the Field Extractor (FX) tool, a value is highlighted to extract and give a name to a new field. Splunk has not successfully extracted that value from all appropriate events.

What steps can be taken so Splunk successfully extracts the value from all appropriate events? (select all that apply)

A. Select an additional sample event with the Field Extractor (FX) and highlight the missing value in the event.

B. Re-ingest the data and attempt to extract from a new dataset.

C. Click on the event where the field was not extracted and choose “Change to Delimited".

D. Edit the regular expression manually.

65. We can use the rename command to _____ (Select all that apply.)

Change indexed fields

Exclude fields from our search results

Extract new fields from our data using regular expressions

Give a field a new name at search time

66. Which of the following is true about data sets used in the Pivot tool?

They can only be created from data models.

They can only be created by users with the Admin role.

They can only be created from summary indexes.

They can only be created from saved reports.

67. How are arguments defined within the macro search string?

Şarg$

'arg'

%arg%

"arg"

68. Clicking a SEGMENT on a chart, ________.

drills down for that value

highlights the field value across the chart

adds the highlighted value to the search criteria

69. A user wants to create a workflow action that will retrieve a specific field value from an event and run a search in a new browser window in the user's Splunk instance.

What kind of workflow action should they create?

A Run workflow action, because the user is running a new search with a specific field value from an event returned in the user's search.

A Search workflow action, because the user is running a new search with a specific field value from an event returned in the user's search.

A POST workflow action, because the search is being sent to the user's current Splunk instance.

A GET workflow action, because a field value needs to be retrieved from the events returned in the user's search.

70. Which field will be used to populate the field if the productName and product:d fields have values for a given event?

| eval productINFO=coalesco(productName,productid)

Both field values will be used and the product INFO field will become a multivalue field for the given event.

The value for the productName field because it appears first.

Neither field value will be used and the field will be assigned a NULL value for the given event.

The value for the field because it appears second.

Page 8 of 9

71. Which of the following can be saved as an event type?

A. index-server_472 sourcetype-BETA_494 code-488 I stats count by code

B. index=server_472 sourcetype=BETA_494 code=488 [I inputlookup append=t servercode.csv]

C. index=server_472 sourcetype=BETA_494 code=488 I stats where code > 200

D. index=server_472 sourcetype=BETA_494 code-488

72. Which of the following can be saved as an event type?

index=server_48 sourcetype=BETA_881 code=220

index=server_48 sourcetype=BETA_881 code=220 | stats count by code

index=server_48 sourcetype=BETA_881 code=220 | inputlookup append=t servercode.csv

index=server_48 sourcetype=BETA_881 code=220 | stats where code > 220

73. Which method in the Field Extractor would extract the port number from the following event? | 10/20/2022 - 125.24.20.1 ++++ port 54 - user: admin

Delimiter

rex command

The Field Extractor tool cannot extract regular expressions.

Regular expression

74. Splunk alerts can be based on search that run______. (Select all that apply.)

in real-time

on a regular schedule

and have no matching events

75. A user wants to convert numeric field values to strings and also to sort on those values.

Which command should be used first, the eval or the sort?

It doesn't matter whether eval or sort is used first.

Convert the numeric to a string with eval first, then sort.

Use sort first, then convert the numeric to a string with eval.

You cannot use the sort command and the eval command on the same field.

76. Which of the following statements describes POST workflow actions?

POST workflow actions are always encrypted.

POST workflow actions cannot use field values in their UR

POST workflow actions cannot be created on custom sourcetypes.

POST workflow actions can open a web page in either the same window or a new.

77. A report scheduled to run every 15 mins. but takes 17 mins. to complete is in danger of being_____.

skipped or deferred

automatically accelerated

deleted

all of the above

78. The transaction command allows you to __________ events across multiple sources

duplicate

correlate

persist

tag

79. Which of the following searches show a valid use of a macro? (Choose all that apply.)

index=main source=mySource oldField=* |’makeMyField(oldField)’| table _time newField

index=main source=mySource oldField=* | stats if(‘makeMyField(oldField)’) | table _time newField

index=main source=mySource oldField=* | eval newField=’makeMyField(oldField)’| table _time newField

index=main source=mySource oldField=* | "’newField(‘makeMyField(oldField)’)’" | table _time newField

80. What will you learn from the results of the following search?

sourcetype=cisco_esa | transaction mid, dcid, icid | timechart avg(duration)

The average time elapsed during each transaction for all transactions

The average time for each event within each transaction

The average time between each transaction

Page 9 of 9

81. What information must be included when using the datamodel command?

status field

Multiple indexes

Data model field name.

Data model dataset name.

82. When is a GET workflow action needed?

To send field values to an external resource.

To retrieve information from an external resource.

To use field values to perform a secondary search.

To define how events flow from forwarders to indexes.

83. Which function should you use with the transaction command to set the maximum total time between the earliest and latest events returned?

maxpause

endswith

maxduration

maxspan

84. During the validation step of the Field Extractor workflow:

Select your answer.

You can remove values that aren't a match for the field you want to define

You can validate where the data originated from

You cannot modify the field extraction

85. What are the two parts of a root event dataset?

Fields and variables.

Fields and attributes.

Constraints and fields.

Constraints and lookups.

86. Where are the descriptions of the data models that come with the Splunk Common Information Model (CIM) Add-on documented?

Datamodel command reference guide.

Pivot users manual.

Search and reporting user manual.

CIM Add-on manual.

87. Which search string would only return results for an event type called success ful_purchases?

tag=success ful_purchases

Event Type:: successful purchases

successful_purchases

event type―success ful_purchases

TAGS:

SPLK-1002, SPLK-1002 exam dumps

Notify of

Label

Name*

Email*

Website

Label

Name*

Email*

Website

0 Comments

Oldest

Newest Most Voted

Inline Feedbacks

View all comments

Get SPLK-1002 Dumps Full Version

Q&As: 289
Versions: PDF and Software Download Now

About Dumpsinfo

Dumpsinfo is a good platform providing the latest exam information and dumps questions for all IT certification exams. You can study all the latest exam dumps questions online.

[email protected]

Mon - Sat 9:00am - 6:00pm

2023 Splunk SPLK-1002 Exam Dumps Questions

Related

Posts

SPLK-2002 Dumps Questions – Effective Way to Get Certified

Valid SPLK-1005 Exam Dumps are Your best Choice to Pass

SPLK-2003 Dumps Help You Study Objectives

Online SPLK-5001 Dumps Help You Understand Questions Well

About Us

EMAIL

Services

Opening Hours