2023 Splunk SPLK-1002 Exam Dumps Questions

Category:

Comments:

0 Comments

Post Date:

October 14, 2023

Splunk certification is a highly valuable and sought-after certification for IT professionals seeking to enhance their knowledge and expertise. SPLK-1002 exam is specifically designed to validate the skills required to configure and maintain the Splunk Core Certified Power User platform, which is widely used by businesses around the world. These SPLK-1002 exam dumps questions are specifically designed to help you prepare for the exam by testing your knowledge and providing you with valuable insights into the types of questions that you will encounter. Test free Splunk SPLK-1002 exam questions below.

Page 1 of 9

1. Which of the following statements about data models and pivot are true? (select all that apply)

They are both knowledge objects.

Data models are created out of datasets called pivots.

Pivot requires users to input SPL searches on data models.

Pivot allows the creation of data visualizations that present different aspects of a data model.

2. Which of the following data model are included In the Splunk Common Information Model (CIM) add-on? (select all that apply)

Alerts

Database

User permissions

3. A data model can consist of what three types of datasets?

Pivot, searches, and events.

Pivot, events, and transactions.

Searches, transactions, and pivot.

Events, searches, and transactions.

4. Which of the following statements describe GET workflow actions?

GET workflow actions must be configured with POST arguments.

Configuration of GET workflow actions includes choosing a sourcetype.

Label names for GET workflow actions must include a field name surrounded by dollar signs.

GET workflow actions can be configured to open the URT link in the current window or in a new window

5. Which of the following is NOT a stats function:

sum

addtotals

count

avg

6. What does the fillnull command replace null values with, if the value argument is not specified?

N/A

NaN

NULL

7. What field must be present in order to use the timechart command?

_raw

rime

_time

index

8. When used with the timechart command, which value of the limit argument returns all values?

limit=*

limit=all

limit=none

limit=0

9. Which of the following statements about calculated fields in Splunk is true?

Calculated fields cannot be chained together to create more complex fields

Calculated fields can be chained together to create more complex fields.

Calculated fields can only be used in dashboards.

Calculated fields can only be used in saved reports.

10. When should transaction be used?

Only in a large distributed Splunk environment.

When calculating results from one or more fields.

When event grouping is based on start/end values.

When grouping events results in over 1000 events in each group.

Page 2 of 9

11. By default search results are not returned in ________ order.

Chronological

Reverser chronological

ASCIE

Alphabetical

12. Which of the following statements describe calculated fields? (select all that apply)

Calculated fields can be used in the search bar.

Calculated fields can be based on an extracted field.

Calculated fields can only be applied to host and sourcetype.

Calculated fields are shortcuts for performing calculations using the eval command.

13. How does a user display a chart in stack mode?

By using the stack command.

By turning on the Use Trellis Layout option.

By changing Stack Mode in the Format menu.

You cannot display a chart in stack mode, only a timechart.

14. Highlighted search terms indicate _________ search results in Splunk.

Display as selected fields.

Sorted

Charted based on time

Matching

15. When using the eval command, which of these characters can be used to concatenate a string and a number into a single value?

& (ampersand)

+ (plus)

- (tilde)

. (period)

16. When would a user select delimited field extractions using the Field Extractor (FX)?

When a log file has values that are separated by the same character, for example, commas.

When a log file contains empty lines or comments.

With structured files such as JSON or XM

When the file has a header that might provide information about its structure or format.

17. Which of the following can be used with the eval command tostring function (select all that apply)

‘’hex’’

‘’commas’’

‘’Decimal’’

‘’duration’’

18. When using | timchart by host, which filed is representted in the x-axis?

date

host

time

-time

19. This function of the stats command allows you to identify the number of values a field has.

max

distinct_count

fields

count

20. When does the CIM add-on apply preconfigured data models to the data?

Search time

Index time

On a cron schedule

At midnight

Page 3 of 9

21. During the validation step of the Field Extractor workflow:

Select your answer.

You can remove values that aren't a match for the field you want to define

You can validate where the data originated from

You cannot modify the field extraction

22. What type of command is eval?

Streaming in some modes

Report generating

Distributable streaming

Centralized streaming

23. Which of the following statements describes POST workflow actions?

POST workflow actions are always encrypted.

POST workflow actions cannot use field values in their UR

POST workflow actions cannot be created on custom sourcetypes.

POST workflow actions can open a web page in either the same window or a new .

24. Which is not a comparison operator in Splunk

25. Which of the following statements describe data model acceleration? (select all that apply)

Root events cannot be accelerated.

Accelerated data models cannot be edited.

Private data models cannot be accelerated.

You must have administrative permissions or the accelerate_dacamodel capability to accelerate a data model.

26. When would transaction be used instead of stats?

To group events based on a single field value.

To see results of a calculation.

To have a faster and more efficient search.

To group events based on start/end values.

27. How many ways are there to access the Field Extractor Utility?

28. Given the macro definition below, what should be entered into the Name and Arguments fileds to correctly configured the macro?

The macro name is sessiontracker and the arguments are action, JESSIONI

The macro name is sessiontracker(2) and the arguments are action, JESSIONI

The macro name is sessiontracker and the arguments are $action$, $JESSIONID$.

The macro name is sessiontracker(2) and the Arguments are $action$, $JESSIONID$.

29. There are several ways to access the field extractor.

Which option automatically identifies data type, source type, and sample event?

Event Actions > Extract Fields

Fields sidebar > Extract New Field

Settings > Field Extractions > New Field Extraction

Settings > Field Extractions > Open Field Extraction

30. which of the following commands are used when creating visualizations(select all that apply.)

Geom

Choropleth

Geostats

iplocation

Page 4 of 9

31. What functionality does the Splunk Common Information Model (CIM) rely on to normalize fields with different names?

Macros.

Field aliases.

The rename command.

CIM does not work with different names for the same field.

32. Which of the following is true about a datamodel that has been accelerated?

They can be used with Pivot, the | tstats command, or the | datamodel command.

They can still be used in the Pivot tool but only with the accelerate_pivot capability.

They can no longer be used in the Pivot tool.

They can be used with the |tstats command, but will only return that data which has been accelerated.

33. How is a Search Workflow Action configured to run at the same time range as the original search?

Select the "Overwrite time range with the original search" checkbox.

Select the "Use the same time range as the search that created the field listing" checkbox.

Set the earliest time to match the original search.

Select the same time range from the time-range picker.

34. The stats command will create a _____________ by default.

Table

Report

Pie chart

35. Which of the following are required to create a POST workflow action?

Label, URI, search string.

XMI attributes, URI, name.

Label, URI, post arguments.

URI, search string, time range picker.

36. Which of the following search control will not re-rerun the search? (Select all that apply.)

zoom out

selecting a bar on the timeline

deselect

selecting a range of bars on the timelines

37. When using the Field Extractor (FX), which of the following delimiters will work? (select all that apply)

Tabs

Pipes

Colons

Spaces

38. What approach is recommended when using the Splunk Common Information Model (CIM) add-on to normalize data?

Consult the CIM data model reference tables.

Run a search using the authentication command.

Consult the CIM event type reference tables.

Run a search using the correlation command.

39. Which workflow action type performs a secondary search?

POST

Drilldown

GET

40. Which group of users would most likely use pivots?

Users

Architects

Administrators

Knowledge Managers

Page 5 of 9

41. Which of the following is one of the pre-configured data models included in the Splunk Common Information Model (CIM) add-on?

Access

Accounting

Authorization

Authentication

42. The macro weekly sales (2) contains the search string:

index=games | eval ProductSales = $Price$ * $AmountSold$ Which of the following will return results?

‘weekly sales (3)’

‘weekly_sales($3.995, $108)’

'weekly_sales (3.99, 10)’

‘weekly sales (3.99, 10)’

43. When multiple event types with different color values are assigned to the same event, what determines the color displayed for the events?

Rank

Weight

Priority

Precedence

44. Consider the the following search run over a time range of last 7 days:

index=web sourcetype=access_conbined | timechart avg(bytes) by product_nane

Which option is used to change the default time span so that results are grouped into 12 hour intervals?

span=12h

timespan=12h

span=12

timespan=12

45. What happens to the original field name when a field alias is created?

The original field name is not affected by the creation of a field alias.

The original field name is replaced by the field alias within the index.

The original field name is italicized to indicate that it is not an alias.

The original field name still exists in the index but is not visible to the user at search time.

46. Which statement is true?

Pivot is used for creating datasets.

Data models are randomly structured datasets.

Pivot is used for creating reports and dashboards.

In most cases, each Splunk user will create their own data model.

47. Which of the following statements about tags is true?

Tags are case insensitive.

Tags can make your data more understandable.

Tags are created at index time.

Tags are searched by using the syntax tag :: .

48. Which of the following options will define the first event in a transaction?

startswith

with

startingwith

firstevent

49. Which of the following is true about data sets used in the Pivot tool?

They can only be created from data models.

They can only be created by users with the Admin role.

They can only be created from summary indexes.

They can only be created from saved reports.

50. Which of the following knowledge objects represents the output of an eval expression?

Eval fields

Calculated fields

Field extractions

Calculated lookups

Page 6 of 9

51. What will you learn from the results of the following search?

sourcetype=cisco_esa | transaction mid, dcid, icid | timechart avg(duration)

The average time elapsed during each transaction for all transactions

The average time for each event within each transaction

The average time between each transaction

52. Which one of the following statements about the search command is true?

It does not allow the use of wildcards.

It treats field values in a case-sensitive manner.

It can only be used at the beginning of the search pipeline.

It behaves exactly like search strings before the first pipe.

53. Which of the following searches will return all clientip addresses that start with 108?

… | where like (clientip, “108.% )

… | where (clientip, "108. %")

… | where (clientip=108. % )

… | search clientip=108

54. For the following search, which field populates the x-axis?

index=security sourcetype=linux secure | timechart count by action

action

source type

_time

time

55. Which of the following searches would return a report of sales by product-name?

chart sales by product_name

chart sum(price) as sales by product_name

stats sum(price) as sales over product_name

timechart list(sales), values(product_name)

56. A calculated field maybe based on which of the following?

Lookup tables

Extracted fields

Regular expressions

Fields generated within a search string

57. Using the Field Extractor (FX) tool, a value is highlighted to extract and give a name to a new field. Splunk has not successfully extracted that value from all appropriate events.

What steps can be taken so Splunk successfully extracts the value from all appropriate events? (select all that apply)

A. Select an additional sample event with the Field Extractor (FX) and highlight the missing value in the event.

B. Re-ingest the data and attempt to extract from a new dataset.

C. Click on the event where the field was not extracted and choose “Change to Delimited".

D. Edit the regular expression manually.

58. The transaction command allows you to __________ events across multiple sources

duplicate

correlate

persist

tag

59. Which of the following statements describes calculated fields?

Calculated fields are only used on fields added by lookups.

Calculated fields are a shortcut for repetitive and complex eval commands.

Calculated fields are a shortcut for repetitive and complex calc commands.

Calculated fields automatically calculate the simple moving average for indexed fields.

60. This is what Splunk uses to categorize the data that is being indexed.

sourcetype

index

source

host

Page 7 of 9

61. What is the correct Boolean order of evaluation for the where command from first to last?

NOT, Parentheses, OR, AND

AND, Parentheses, NOT, OR

Parentheses, NOT, AND, OR

Parentheses, NOT, OR, AND

62. Which field will be used to populate the field if the productName and product:d fields have values for a given event?

| eval productINFO=coalesco(productName,productid)

Both field values will be used and the product INFO field will become a multivalue field for the given event.

The value for the productName field because it appears first.

Neither field value will be used and the field will be assigned a NULL value for the given event.

The value for the field because it appears second.

63. Which of the following is included with the Common Information Model (CIM) add-on?

Search macros

Event category tags

Workflow actions

tsidx files

64. Which of these is NOT a field that is automatically created with the transaction command?

maxcount

duration

eventcount

65. Which of the following workflow actions can be executed from search results? (select all that apply)

GET

POST

LOOKUP

66. Data model fields can be added using the Auto-Extracted method.

Which of the following statements describe Auto-Extracted fields? (select all that apply)

Auto-Extracted fields can be hidden in Pivot.

Auto-Extracted fields can have their data type changed.

Auto-Extracted fields can be given a friendly name for use in Pivot.

Auto-Extracted fields can be added if they already exist in the dataset with constraints.

67. Which of the following statements describes macros?

A macro is a reusable search string that must contain the full search.

A macro is a reusable search string that must have a fixed time range.

A macro Is a reusable search string that may have a flexible time range.

A macro Is a reusable search string that must contain only a portion of the search.

68. Which of the following statements is true, especially in large environments?

Use the scats command when you next to group events by two or more fields.

The stats command is faster and more efficient than the transaction command

The transaction command is faster and more efficient than the stats command.

Use the transaction command when you want to see the results of a calculation.

69. What are the two parts of a root event dataset?

Fields and variables.

Fields and attributes.

Constraints and fields.

Constraints and lookups.

70. Which of these stats commands will show the total bytes for each unique combination of page and server?

index=web | stats sum (bytes) BY page BY server

index=web | stats sum (bytes) BY page server

index=web | stats sum(bytes) BY page AND server

index=web | stats sum(bytes) BY values (page) values (server)

Page 8 of 9

71. What is a benefit of installing the Splunk Common Information Model (CIM) add-on?

It permits users to create workflow actions to align with industry standards.

It provides users with a standardized set of field names and tags to normalize data.

It allows users to create 3-D models of their data and export these visualizations.

It enables users to itemize their events based on the results of the Search Job Inspector.

72. When you mouse over and click to add a search term this (these. Boolean operator(s) is(are. not implied. (Select all that apply).

( )

AND

NOT

73. If a search returns ____________ it can be viewed as a chart.

timestamps

statistics

events

keywords

74. Which of the following eval command functions is valid?

int()

count()

print()

tostring()

75. What is the correct format for naming a macro with multiple arguments?

monthly_sales(argument 1, argument 2, argument 3)

monthly_sales(3)

monthly_sales[3]

monthly_sales[argument 1, argument 2, argument 3)

76. Which of the following is true about data model attributes?

They cannot be created within the data model.

They can only be added into a root search dataset.

They cannot be edited if inherited from a parent dataset.

They can be added to a dataset from search time field extractions.

77. Which of the following statements describes Search workflow actions?

By default. Search workflow actions will run as a real-time search.

Search workflow actions can be configured as scheduled searches,

The user can define the time range of the search when created the workflow action.

Search workflow actions cannot be configured with a search string that includes the transaction command

78. Which of the following statements describes the use of the Filed Extractor (FX)?

The Field Extractor automatically extracts all field at search time.

The Field Extractor uses PERL to extract field from the raw events.

Field extracted using the Extracted persist as knowledge objects.

Fields extracted using the Field Extractor do not persist and must be defined for each search.

79. Which of the following transforming commands can be used with transactions?

chart, timechart, stats, eventstats

chart, timechart, stats, diff

chart, timeehart, datamodel, pivot

chart, timecha:t, stats, pivot

80. Use the dedup command to _____.

Rename a field in the index

remove duplicate values

provide an additional alias for the field that can

be used in the search criteria

Page 9 of 9

81. Which option of the transaction command would be used to specify the maximum time between events in a transaction?

maxpause

maxspan

duration

eventcount

82. What does the transaction command do?

Groups a set of transactions based on time.

Creates a single event from a group of events.

Separates two events based on one or more values.

Returns the number of credit card transactions found in the event logs.

83. When creating an event type, which is allowed in the search string?

Get SPLK-1002 Dumps Full Version

Q&As: 297
Versions: PDF and Software Download Now

About Dumpsinfo

Dumpsinfo is a good platform providing the latest exam information and dumps questions for all IT certification exams. You can study all the latest exam dumps questions online.

[email protected]

Mon - Sat 9:00am - 6:00pm

2023 Splunk SPLK-1002 Exam Dumps Questions

Related

Posts

SPLK-2002 Dumps Questions – Effective Way to Get Certified

Valid SPLK-1005 Exam Dumps are Your best Choice to Pass

SPLK-2003 Dumps Help You Study Objectives

Online SPLK-5001 Dumps Help You Understand Questions Well

About Us

EMAIL

Services

Opening Hours