SPLK-1002 V1

When should you use the transaction command instead of the scats command?A . When you need to group on multiple values.B . When duration is irrelevant in search results..C . When you have over 1000 events in a transaction.D . When you need to group based on start and end...

Using the export function, you can export search results as __________.( Select all that apply)A . XmlB . JsonC . HtmlD . A php fileView AnswerAnswer: A, B Explanation: Using the export function, you can export search results as XML or JSON2. The export function allows you to save your...

Which of the following statements about event types is true? (select all that apply)A . Event types can be tagged.B . Event types must include a time range,C . Event types categorize events based on a search.D . Event types can be a useful method for capturing and sharing knowledge.View...

What does the fillnull command replace null values with, it the value argument is not specified?A . 0B . N/AC . NaND . NULLView AnswerAnswer: A Explanation: Reference: https://answers.splunk.com/answers/653427/fillnull-doesnt-work-without-specfying-a-field.html The fillnull command is a search command that replaces null values with a specified value or 0 if no value is...

What are the two parts of a root event dataset?A . Fields and variables.B . Fields and attributes.C . Constraints and fields.D . Constraints and lookups.View AnswerAnswer: C Explanation: Reference: https://docs.splunk.com/Documentation/SplunkLight/7.3.5/GettingStarted/Designdatamodelobjects A root event dataset is the base dataset for a data model that defines the source or sources of...

Which of the following data model are included In the Splunk Common Information Model (CIM) add-on? (select all that apply)A . AlertsB . EmailC . DatabaseD . User permissionsView AnswerAnswer: A, B, C Explanation: Reference: https://docs.splunk.com/Documentation/CIM/4.15.0/User/Overview The Splunk Common Information Model (CIM) add-on is a collection of pre-built data models...

Which of the following statements describes this search? sourcetype=access_combined I transaction JSESSIONID | timechart avg (duration)A . This is a valid search and will display a timechart of the average duration, of each transaction event.B . This is a valid search and will display a stats table showing the maximum...

What functionality does the Splunk Common Information Model (CIM) rely on to normalize fields with different names?A . Macros.B . Field aliases.C . The rename command.D . CIM does not work with different names for the same field.View AnswerAnswer: B Explanation: The Splunk Common Information Model (CIM) add-on helps you...

Which of the following statements is true, especially in large environments?A . Use the scats command when you next to group events by two or more fields.B . The stats command is faster and more efficient than the transaction commandC . The transaction command is faster and more efficient than...

Select this in the fields sidebar to automatically pipe you search results to the rare commandA . events with this fieldB . rare valuesC . top values by timeD . top valuesView AnswerAnswer: B Explanation: The fields sidebar is a panel that shows the fields that are present in your...