- All Exams Instant Download
Which of the following actions can the eval command perform?
Which of the following actions can the eval command perform?A . Remove fields from results.B . Create or replace an existing field.C . Group transactions by one or more fields.D . Save SPL commands to be reused in other searches.View AnswerAnswer: B
What does the fillnull command replace null values with, it the value argument is not specified?
What does the fillnull command replace null values with, it the value argument is not specified?A . 0B . N/AC . NaND . NULLView AnswerAnswer: A Explanation: Reference: https://answers.splunk.com/answers/653427/fillnull-doesnt-work-without-specfying-a-field.html
What are the two parts of a root event dataset?
What are the two parts of a root event dataset?A . Fields and variables.B . Fields and attributes.C . Constraints and fields.D . Constraints and lookups.View AnswerAnswer: C Explanation: Reference: https://docs.splunk.com/Documentation/SplunkLight/7.3.5/GettingStarted/Designdatamodel objects
Calculated fields can be based on which of the following?
Calculated fields can be based on which of the following?A . TagsB . Extracted fieldsC . Output fields for a lookupD . Fields generated from a search stringView AnswerAnswer: B Explanation: Reference: https://docs.splunk.com/Documentation/Splunk/8.0.3/Knowledge/definecalcfields
Based on the macro definition shown below, what is the correct way to execute the macro in a search string?
Based on the macro definition shown below, what is the correct way to execute the macro in a search string? A . Convert_sales (euro, , 79)”B . Convert_sales (euro, , .79)C . Convert_sales ($euro,$$,s79$D . Convert_sales ($euro, $$,S,79$)View AnswerAnswer: B Explanation: Reference: https://docs.splunk.com/Documentation/Splunk/8.0.3/Knowledge/Usesearchmacros
Given the macro definition below, what should be entered into the Name and Arguments fileds to correctly configured the macro?
Given the macro definition below, what should be entered into the Name and Arguments fileds to correctly configured the macro? A . The macro name is sessiontracker and the arguments are action, JESSIONIC . The macro name is sessiontracker(2) and the arguments are action, JESSIONIE . The macro name is...
What functionality does the Splunk Common Information Model (CIM) rely on to normalize fields with different names?
What functionality does the Splunk Common Information Model (CIM) rely on to normalize fields with different names?A . Macros.B . Field aliases.C . The rename command.D . CIM does not work with different names for the same field.View AnswerAnswer: B
When multiple event types with different color values are assigned to the same event, what determines the color displayed for the events?
When multiple event types with different color values are assigned to the same event, what determines the color displayed for the events?A . RankB . WeightC . PriorityD . PrecedenceView AnswerAnswer: C Explanation: Reference: https://docs.splunk.com/Documentation/SplunkCloud/8.0.2003/Knowledge/Defineeventtype s
What is the correct syntax to search for a tag associated with a value on a specific fields?
What is the correct syntax to search for a tag associated with a value on a specific fields?A . Tag-<field?B . Tag<filed(tagname.)C . Tag=<filed>::<tagname>D . Tag::<filed>=<tagname>View AnswerAnswer: D Explanation: Reference: https://docs.splunk.com/Documentation/Splunk/8.0.3/Knowledge/TagandaliasfieldvaluesinSplunkWeb
Which of the following Statements about macros is true? (select all that apply)
Which of the following Statements about macros is true? (select all that apply)A . Arguments are defined at execution time.B . Arguments are defined when the macro is created.C . Argument values are used to resolve the search string at execution time.D . Argument values are used to resolve the...
