Tag - SPLK-1002 exam

What does the Splunk Common Information Model (CIM) add-on include? (select all that apply)A . Custom visualizationsB . Pre-configured data modelsC . Fields and event category tagsD . Automatic data model accelerationView AnswerAnswer: BC Explanation: The Splunk Common Information Model (CIM) add-on is a collection of pre-built data models and...

Which of the following statements are true for this search? (Select all that apply.) SEARCH: sourcetype=access* |fields action productld statusA . is looking for all events that include the search terms: fields AND action AND productld AND statusB . users the table command to improve performanceC . limits the fields...

In what order arc the following knowledge objects/configurations applied?A . Field Aliases, Field Extractions, LookupsB . Field Extractions, Field Aliases, LookupsC . Field Extractions, Lookups, Field AliasesD . Lookups, Field Aliases, Field ExtractionsView AnswerAnswer: B Explanation: Reference: https://docs.splunk.com/Documentation/Splunk/8.0.3/Knowledge/WhatisSplunkknowledge Knowledge objects are entities that you create to add knowledge to your...

What does the transaction command do?A . Groups a set of transactions based on time.B . Creates a single event from a group of events.C . Separates two events based on one or more values.D . Returns the number of credit card transactions found in the event logs.View AnswerAnswer: B...

Which of the following search control will not re-rerun the search? (Select all that apply.)A . zoom outB . selecting a bar on the timelineC . deselectD . selecting a range of bars on the timelinesView AnswerAnswer: B, C, D Explanation: The timeline is a graphical representation of your search...

Which of the following statements describes Search workflow actions?A . By default. Search workflow actions will run as a real-time search.B . Search workflow actions can be configured as scheduled searches,C . The user can define the time range of the search when created the workflow action.D . Search workflow...

What does the fillnull command replace null values with, it the value argument is not specified?A . 0B . N/AC . NaND . NULLView AnswerAnswer: A Explanation: Reference: https://answers.splunk.com/answers/653427/fillnull-doesnt-work-without-specfying-a-field.html The fillnull command is a search command that replaces null values with a specified value or 0 if no value is...

Which of the following are valid options to speed up reports? (Select all the apply.)A . Edit permissionsB . Edit descriptionC . Edit accelerationD . Edit scheduleView AnswerAnswer: C Explanation: One of the valid options to speed up reports is to edit acceleration, which means that you can enable summary...

Data model are composed of one or more of which of the following datasets? (select all that apply.)A . Events datasetsB . Search datasetsC . Transaction datasetsD . Any child of event, transaction, and search datasetsView AnswerAnswer: A, B, C Explanation: Reference: https://docs.splunk.com/Documentation/Splunk/8.0.3/Knowledge/Aboutdatamodels Data models are collections of datasets that...

When multiple event types with different color values are assigned to the same event, what determines the color displayed for the events?A . RankB . WeightC . PriorityD . PrecedenceView AnswerAnswer: C Explanation: Reference: https://docs.splunk.com/Documentation/SplunkCloud/8.0.2003/Knowledge/Defineeventtypes When multiple event types with different color values are assigned to the same event, the...