- All Exams Instant Download
When a search returns __________, you can view the results as a list.
When a search returns __________, you can view the results as a list.A . a list of eventsB . transactionsC . statistical valuesView AnswerAnswer: C
It is mandatory for the lookup file to have this for an automatic lookup to work.
It is mandatory for the lookup file to have this for an automatic lookup to work.A . Source typeB . At least five columnsC . TimestampD . Input filedView AnswerAnswer: D
Which are valid ways to create an event type? (select all that apply)
Which are valid ways to create an event type? (select all that apply)A . By using the searchtypes command in the search bar.B . By editing the event_type stanza in the props.conf file.C . By going to the Settings menu and clicking Event Types > New.D . By selecting an...
What functionality does the Splunk Common Information Model (CIM) rely on to normalize fields with different names?
What functionality does the Splunk Common Information Model (CIM) rely on to normalize fields with different names?A . Macros.B . Field aliases.C . The rename command.D . CIM does not work with different names for the same field.View AnswerAnswer: B Explanation: The Splunk Common Information Model (CIM) add-on helps you...
Which of the following statements describes field aliases?
Which of the following statements describes field aliases?A . Field alias names replace the original field name.B . Field aliases can be used in lookup file definitions.C . Field aliases only normalize data across sources and sourcetypes.D . Field alias names are not case sensitive when used as part of...
Which of the following searches show a valid use of macro? (Select all that apply)
Which of the following searches show a valid use of macro? (Select all that apply)A . index=main source=mySource oldField=* |'makeMyField(oldField)'| table _time newFieldB . index=main source=mySource oldField=* | stats if('makeMyField(oldField)') | table _time newFieldC . index=main source=mySource oldField=* | eval newField='makeMyField(oldField)'| table _time newFieldD . index=main source=mySource oldField=* | "'newField('makeMyField(oldField)')'"...
Which of the following searches will return events contains a tag name Privileged?
Which of the following searches will return events contains a tag name Privileged?A . Tag= PrivB . Tag= Pri*C . Tag= Priv*D . Tag= PrivilegedView AnswerAnswer: B Explanation: Reference: https://docs.splunk.com/Documentation/PCI/4.1.0/Install/PrivilegedUserActivity A tag is a descriptive label that you can apply to one or more fields or field values in your...
Which of the following actions can the eval command perform?
Which of the following actions can the eval command perform?A . Remove fields from results.B . Create or replace an existing field.C . Group transactions by one or more fields.D . Save SPL commands to be reused in other searches.View AnswerAnswer: B Explanation: The eval command is used to create...
Which of the following commands will show the maximum bytes?
Which of the following commands will show the maximum bytes?A . sourcetype=access_* | maximum totals by bytesB . sourcetype=access_* | avg (bytes)C . sourcetype=access_* | stats max(bytes)D . sourcetype=access_* | max(bytes)View AnswerAnswer: C
This function of the stats command allows you to identify the number of values a field has.
This function of the stats command allows you to identify the number of values a field has.A . maxB . distinct_countC . fieldsD . countView AnswerAnswer: D
