Splunk splk-1002 practice test

Splunk Core Certified Power User Exam

Last exam update: Sep 12 ,2024
Page 1 out of 12. Viewing questions 1-15 out of 181

Question 1

Data models are composed of one or more of which of the following datasets? (select all that apply)

  • A. Transaction datasets
  • B. Events datasets
  • C. Search datasets
  • D. Any child of event, transaction, and search datasets

Answer:

ABC

Data model datasets have a hierarchical relationship with each other, meaning they have parent-child relationships. Data models can contain multiple dataset hierarchies. There are three types of dataset: event, search, and transaction.

Question 2

Consider the following search:

index=web sourcetype=access_combined

The log shows several events that share the same JSESSIONID value (SD404K289O2F151). View the events as a group. From the following list, which search groups events by JSESSIONID?

  • A. index=web sourcetype=access_combined SD404K289O2F151 | table JSESSIONID
  • B. index=web sourcetype=access_combined JSESSIONID <SD404K289O2F151>
  • C. index=web sourcetype=access_combined | highlight JSESSIONID | search SD404K289O2F151
  • D. index-web sourcetype=access_combined | transaction JSESSIONID | search SD404K289O2F151
Answer:

B


Question 3

What happens when a user edits the regular expression (regex) field extraction generated in the Field
Extractor (FX)?

  • A. There is a limit to the number of fields that can be extracted.
  • B. The user is unable to preview the extractions.
  • C. The extraction is added at index time.
  • D. The user is unable to return to the automatic field extraction workflow.
Answer:

A


Question 4

Which of the following is one of the pre-configured data models included in the Splunk Common
Information Model (CIM) add-on?

  • A. Access
  • B. Accounting
  • C. Authorization
  • D. Authentication
Answer:

D


Question 5

Which of the following statements describes calculated fields?

  • A. Calculated fields are only used on fields added by lookups.
  • B. Calculated fields are a shortcut for repetitive and complex eval commands.
  • C. Calculated fields are a shortcut for repetitive and complex calc commands.
  • D. Calculated fields automatically calculate the simple moving average for indexed fields.
Answer:

B


Question 6

In which Settings section are macros defined?

  • A. Fields
  • B. Tokens
  • C. Advanced Search
  • D. Searches, Reports, Alerts
Answer:

C


Question 7

In the following eval statement, what is the value of description if the status is 503?

index=main | eval description=case(status==200, "OK", status==404, "Not found", status==500, "Internal Server Error")

  • A. The description field would contain no value.
  • B. The description field would contain the value 0.
  • C. The description field would contain the value "Internal Server Error".
  • D. This statement would produce an error in Splunk because it is incomplete.

Answer:

A
Reference: //docs.splunk.com/Documentation/Splunk/8.1.1/SearchReference/ConditionalFunctions

Question 8

A user wants to create a new field alias for a field that appears in two sourcetypes.
How many field aliases need to be created?

  • A. One.
  • B. Two.
  • C. It depends on whether the original fields have the same name.
  • D. It depends on whether the two sourcetypes are associated with the same index.
Answer:

B


Question 9

Which command can include both an over and a by clause to divide results into sub-groupings?

  • A. chart
  • B. stats
  • C. xyseries
  • D. transaction
Answer:

A


Question 10

When is a GET workflow action needed?

  • A. To send field values to an external resource.
  • B. To retrieve information from an external resource.
  • C. To use field values to perform a secondary search.
  • D. To define how events flow from forwarders to indexes.
Answer:

B


Question 11

A data model can consist of what three types of datasets?

  • A. Pivot, searches, and events.
  • B. Pivot, events, and transactions.
  • C. Searches, transactions, and pivot.
  • D. Events, searches, and transactions.
Answer:

D


Question 12

What information must be included when using the datamodel command?

  • A. status field
  • B. Multiple indexes
  • C. Data model field name.
  • D. Data model dataset name.
Answer:

D


Question 13

Which of the following is a function of the Splunk Common Information Model (CIM)?

  • A. Normalizing data across a Splunk deployment.
  • B. Providing templates for reports and dashboards.
  • C. Algorithmically shifting events to other indexes.
  • D. Reingesting previously indexed data with new field names.
Answer:

A


Question 14

Which type of visualization shows relationships between discrete values in three dimensions?

  • A. Pie chart
  • B. Line chart
  • C. Bubble chart
  • D. Scatter chart

Answer:

C
Reference: //docs.splunk.com/Documentation/DashApp/0.9.0/DashApp/chartsBub

Question 15

When using the timechart command, how can a user group the events into buckets based on time?

  • A. Using the span argument.
  • B. Using the duration argument.
  • C. Using the interval argument.
  • D. Adjusting the fieldformat options.
Answer:

A
