SPLK-1002 V4

When creating a Search workflow action, which field is required?A . Search stringB . Data model nameC . Permission settingD . An eval statementView AnswerAnswer: A Explanation: Reference: https://docs.splunk.com/Documentation/Splunk/8.0.3/Knowledge/Setupasearchworkflowaction A workflow action is a link that appears when you click an event field value in your search results2. A workflow...

What do events in a transaction have In common?A . All events In a transaction must have the same timestamp.B . All events in a transaction must have the same sourcetype.C . All events in a transaction must have the exact same set of fields.D . All events in a...

Using the export function, you can export search results as __________.( Select all that apply)A . XmlB . JsonC . HtmlD . A php fileView AnswerAnswer: A, B Explanation: Using the export function, you can export search results as XML or JSON2. The export function allows you to save your...

Which of the following statements describes the command below (select all that apply) Sourcetype=access_combined | transaction JSESSIONIDA . An additional filed named maxspan is created.B . An additional field named duration is created.C . An additional field named eventcount is created.D . Events with the same JSESSIONID will be grouped...

Which of the following knowledge objects represents the output of an eval expression?A . Eval fieldsB . Calculated fieldsC . Field extractionsD . Calculated lookupsView AnswerAnswer: B Explanation: Reference: https://docs.splunk.com/Splexicon:Calculatedfield The eval command is used to create new fields or modify existing fields based on an expression2. The output of...

Which delimiters can the Field Extractor (FX) detect? (select all that apply)A . TabsB . PipesC . SpacesD . CommasView AnswerAnswer: B, C, D Explanation: Reference: https://docs.splunk.com/Documentation/Splunk/8.0.3/Knowledge/FXSelectMethodstep The Field Extractor (FX) is a tool that helps you extract fields from your data using delimiters or regular expressions. Delimiters are characters...

Data model are composed of one or more of which of the following datasets? (select all that apply.)A . Events datasetsB . Search datasetsC . Transaction datasetsD . Any child of event, transaction, and search datasetsView AnswerAnswer: A, B, C Explanation: Reference: https://docs.splunk.com/Documentation/Splunk/8.0.3/Knowledge/Aboutdatamodels Data models are collections of datasets that...

Which of the following Statements about macros is true? (select all that apply)A . Arguments are defined at execution time.B . Arguments are defined when the macro is created.C . Argument values are used to resolve the search string at execution time.D . Argument values are used to resolve the...

Which of the following eval command function is valid?A . Int ()B . Count ( )C . Print ()D . Tostring ()View AnswerAnswer: D Explanation: The eval command supports a number of functions that you can use in your expressions to perform calculations, conversions, string manipulations and more2. One of...

What does the Splunk Common Information Model (CIM) add-on include? (select all that apply)A . Custom visualizationsB . Pre-configured data modelsC . Fields and event category tagsD . Automatic data model accelerationView AnswerAnswer: BC Explanation: The Splunk Common Information Model (CIM) add-on is a collection of pre-built data models and...