Which of the following workflow actions can be executed from search results? (select all that apply)

A. GET
B. POST
C. LOOKUP
D. Search
Answer: A, B, D
Explanation: As mentioned before, there are two types of workflow actions: GET and POST. Both types of workflow actions can be executed...

January 28, 2025

How does a user display a chart in stack mode?

A. By using the stack command.
B. By turning on the Use Trellis Layout option.
C. By changing Stack Mode in the Format menu.
D. You cannot display a chart in stack mode, only a timechart.
Answer: C
Explanation: A...

January 27, 2025

Which of the following commands will show the maximum bytes?

A. sourcetype=access_* | maximum totals by bytes
B. sourcetype=access_* | avg (bytes)
C. sourcetype=access_* | stats max(bytes)
D. sourcetype=access_* | max(bytes)
Answer: C

January 27, 2025

What does the fillnull command replace null values with, if the value argument is not specified?

A. 0
B. N/A
C. NaN
D. NULL
Answer: A
Explanation: Reference: https://answers.splunk.com/answers/653427/fillnull-doesnt-work-without-specfying-a-field.html The fillnull command is a search command that replaces null values with a specified value or 0 if no value is...

January 26, 2025

Which of the following statements describes field aliases?

A. Field alias names replace the original field name.
B. Field aliases can be used in lookup file definitions.
C. Field aliases only normalize data across sources and sourcetypes.
D. Field alias names are not case sensitive when used as part of...

January 26, 2025

What is required for a macro to accept three arguments?

A. The macro's name ends with (3).
B. The macro's name starts with (3).
C. The macro's argument count setting is 3 or more.
D. Nothing, all macros can accept any number of arguments.
Answer: A
Explanation: To create a...

January 24, 2025

What does the following search do?

A. Creates a table of the total count of users and split by corndogs.
B. Creates a table of the total count of mysterymeat corndogs split by user.
C. Creates a table with the count of all types of corndogs eaten split by...

January 24, 2025

Splunk alerts can be based on searches that run ______. (Select all that apply.)

A. in real-time
B. on a regular schedule
C. and have no matching events
Answer: A, B
Explanation: Splunk alerts can be based on searches that run in real-time or on a regular schedule. An alert is...

January 24, 2025

Which of the following searches will show the number of categoryId used by each host?

A. Sourcetype=access_* |sum bytes by host
B. Sourcetype=access_* |stats sum(categoryId) by host
C. Sourcetype=access_* |sum(bytes) by host
D. Sourcetype=access_* |stats sum by host
Answer: B

January 22, 2025

To identify all of the contributing events within a transaction that contains at least one REJECT event, which syntax is correct?

A. Index-main | REJECT trans sessionid
B. Index-main | transaction sessionid | search REJECT
C. Index=main | transaction sessionid | whose transaction=reject
D. Index=main | transaction sessionid | where...

January 22, 2025