Splunk splk-1002 practice test

Exam Title: Splunk Core Certified Power User Exam

Last update: Jul 05, 2025

Question 1

Data models are composed of one or more of which of the following datasets? (select all that apply)
A. Transaction datasets
B. Events datasets
C. Search datasets
D. Any child of event, transaction, and search datasets

Answer:

ABC
Data model datasets have a hierarchical relationship with each other, meaning they have parent-child relationships. Data models can contain multiple dataset hierarchies. There are three types of dataset hierarchies: event, search, and transaction.

Comments
Ranju
10 months ago

Transaction datasets, Events datasets, Search datasets

Question 2

Consider the following search:
index=web sourcetype=access_combined
The log shows several events that share the same JSESSIONID value (SD404K289O2F151). View the
events as a group. From the following list, which search groups events by JSESSIONID?

  • A. index=web sourcetype=access_combined SD404K289O2F151 | table JSESSIONID
  • B. index=web sourcetype=access_combined JSESSIONID <SD404K289O2F151>
  • C. index=web sourcetype=access_combined | highlight JSESSIONID | search SD404K289O2F151
  • D. index=web sourcetype=access_combined | transaction JSESSIONID | search SD404K289O2F151
Answer:

B

Question 3

What happens when a user edits the regular expression (regex) field extraction generated in the Field
Extractor (FX)?

  • A. There is a limit to the number of fields that can be extracted.
  • B. The user is unable to preview the extractions.
  • C. The extraction is added at index time.
  • D. The user is unable to return to the automatic field extraction workflow.
Answer:

A

Question 4

Which of the following is one of the pre-configured data models included in the Splunk Common
Information Model (CIM) add-on?

  • A. Access
  • B. Accounting
  • C. Authorization
  • D. Authentication
Answer:

D

Question 5

Which of the following statements describes calculated fields?

  • A. Calculated fields are only used on fields added by lookups.
  • B. Calculated fields are a shortcut for repetitive and complex eval commands.
  • C. Calculated fields are a shortcut for repetitive and complex calc commands.
  • D. Calculated fields automatically calculate the simple moving average for indexed fields.
Answer:

B

Question 6

In which Settings section are macros defined?

  • A. Fields
  • B. Tokens
  • C. Advanced Search
  • D. Searches, Reports, Alerts
Answer:

C

Question 7

In the following eval statement, what is the value of description if the status is 503?
index=main | eval description=case(status==200, "OK", status==404, "Not found", status==500, "Internal Server Error")
A. The description field would contain no value.
B. The description field would contain the value 0.
C. The description field would contain the value "Internal Server Error".
D. This statement would produce an error in Splunk because it is incomplete.

Answer:

A
Reference: https://docs.splunk.com/Documentation/Splunk/8.1.1/SearchReference/ConditionalFunctions

Question 8

A user wants to create a new field alias for a field that appears in two sourcetypes.
How many field aliases need to be created?

  • A. One.
  • B. Two.
  • C. It depends on whether the original fields have the same name.
  • D. It depends on whether the two sourcetypes are associated with the same index.
Answer:

B

Question 9

Which command can include both an over and a by clause to divide results into sub-groupings?

  • A. chart
  • B. stats
  • C. xyseries
  • D. transaction
Answer:

A

Question 10

When is a GET workflow action needed?

  • A. To send field values to an external resource.
  • B. To retrieve information from an external resource.
  • C. To use field values to perform a secondary search.
  • D. To define how events flow from forwarders to indexes.
Answer:

B

Question 11

A data model can consist of what three types of datasets?

  • A. Pivot, searches, and events.
  • B. Pivot, events, and transactions.
  • C. Searches, transactions, and pivot.
  • D. Events, searches, and transactions.
Answer:

D

Question 12

What information must be included when using the datamodel command?

  • A. status field
  • B. Multiple indexes
  • C. Data model field name.
  • D. Data model dataset name.
Answer:

D

Question 13

Which of the following is a function of the Splunk Common Information Model (CIM)?

  • A. Normalizing data across a Splunk deployment.
  • B. Providing templates for reports and dashboards.
  • C. Algorithmically shifting events to other indexes.
  • D. Reingesting previously indexed data with new field names.
Answer:

A

Question 14

Which type of visualization shows relationships between discrete values in three dimensions?
A. Pie chart
B. Line chart
C. Bubble chart
D. Scatter chart

Answer:

C
Reference: https://docs.splunk.com/Documentation/DashApp/0.9.0/DashApp/chartsBub

Question 15

When using the timechart command, how can a user group the events into buckets based on time?

  • A. Using the span argument.
  • B. Using the duration argument.
  • C. Using the interval argument.
  • D. Adjusting the fieldformat options.
Answer:

A
