SPLK-1002 V2

When using timechart, how many fields can be listed after a by clause?A . because timechart doesn't support using a by clause.B . because _time is already implied as the x-axis.C . because one field would represent the x-axis and the other would represent the y-axis.D . There is no...

Which of the following statements is true, especially in large environments?A . Use the scats command when you next to group events by two or more fields.B . The stats command is faster and more efficient than the transaction commandC . The transaction command is faster and more efficient than...

Which of the following statements describe data model acceleration? (select all that apply)A . Root events cannot be accelerated.B . Accelerated data models cannot be edited.C . Private data models cannot be accelerated.D . You must have administrative permissions or the accelerate_dacamodel capability to accelerate a data model.View AnswerAnswer: B,...

When creating a Search workflow action, which field is required?A . Search stringB . Data model nameC . Permission settingD . An eval statementView AnswerAnswer: A Explanation: Reference: https://docs.splunk.com/Documentation/Splunk/8.0.3/Knowledge/Setupasearchworkflowaction A workflow action is a link that appears when you click an event field value in your search results2. A workflow...

Which of the following file formats can be extracted using a delimiter field extraction?A . CSVB . PDFC . XMLD . JSONView AnswerAnswer: A Explanation: A delimiter field extraction is a method of extracting fields from data that uses a character or a string to separate fields in each event....

Which delimiters can the Field Extractor (FX) detect? (select all that apply)A . TabsB . PipesC . SpacesD . CommasView AnswerAnswer: B, C, D Explanation: Reference: https://docs.splunk.com/Documentation/Splunk/8.0.3/Knowledge/FXSelectMethodstep The Field Extractor (FX) is a tool that helps you extract fields from your data using delimiters or regular expressions. Delimiters are characters...

Which of the following statements describe the Common Information Model (CIM)? (select all that apply)A . CIM is a methodology for normalizing data.B . CIM can correlate data from different sources.C . The Knowledge Manager uses the CIM to create knowledge objects.D . CIM is an app that can coexist...

Which of the following about reports is/are true?A . Reports are knowledge objects.B . Reports can be scheduled.C . Reports can run a script.D . All of the above.View AnswerAnswer: D Explanation: A report is a way to save a search and its results in a format that you can...

The Field Extractor (FX) is used to extract a custom field. A report can be created using this custom field. The created report can then be shared with other people in the organization. If another person in the organization runs the shared report and no results are returned, why might...

Which of the following statements describe the search below? (select all that apply) Index=main I transaction clientip host maxspan=30s maxpause=5sA . Events in the transaction occurred within 5 seconds.B . It groups events that share the same clientip and host.C . The first and last events are no more than...