Splunk SPLK-1002 Exam Questions
Questions for the SPLK-1002 were updated on : Oct 11 ,2024
Page 1 out of 13. Viewing questions 1-15 out of 181
Question 1
Which of the following Statements about macros is true? (select all that apply)
- A. Arguments are defined at execution time.
- B. Arguments are defined when the macro is created.
- C. Argument values are used to resolve the search string at execution time.
- D. Argument values are used to resolve the search string when the macro is created.
Answer:
B, C
Question 2
What is required for a macro to accept three arguments?
- A. The macro's name ends with (3).
- B. The macro's name starts with (3).
- C. The macro's argument count setting is 3 or more.
- D. Nothing, all macros can accept any number of arguments.
Answer:
A
Question 3
Which of the following statements describes POST workflow actions?
- A. POST workflow actions are always encrypted.
- B. POST workflow actions cannot use field values in their URI.
- C. POST workflow actions cannot be created on custom sourcetypes.
- D. POST workflow actions can open a web page in either the same window or a new .
Answer:
D
Question 4
Which of the following searches show a valid use of macro? (Select all that apply)
- A. index=main source=mySource oldField=* |'makeMyField(oldField)'| table _time newField
- B. index=main source=mySource oldField=* | stats if('makeMyField(oldField)') | table _time newField
- C. index=main source=mySource oldField=* | eval newField='makeMyField(oldField)'| table _time newField
- D. index=main source=mySource oldField=* | "'newField('makeMyField(oldField)')'" | table _time newField
Answer:
A, C
Reference:
https://answers.splunk.com/answers/574643/field-showing-an-additional-and-not-visible-value-1.html
Question 5
Which of the following workflow actions can be executed from search results? (select all that apply)
- A. GET
- B. POST
- C. LOOKUP
- D. Search
Answer:
A, B, D
Question 6
Which of the following is the correct way to use the data model command to search field in the data
model within the web dataset?
- A. | datamodel web search | filed web *
- B. | Search datamodel web web | filed web*
- C. | datamodel web web field | search web*
- D. Datamodel=web | search web | filed web*
Answer:
A
Question 7
Which of the following searches will return events contains a tag name Privileged?
- A. Tag= Priv
- B. Tag= Pri*
- C. Tag= Priv*
- D. Tag= Privileged
Answer:
B
Reference:
https://docs.splunk.com/Documentation/PCI/4.1.0/Install/PrivilegedUserActivity
Question 8
Which of the following statements describes this search?
sourcetype=access_combined I transaction JSESSIONID | timechart avg (duration)
- A. This is a valid search and will display a timechart of the average duration, of each transaction event.
- B. This is a valid search and will display a stats table showing the maximum pause among transactions.
- C. No results will be returned because the transaction command must include the startswith and endswith options.
- D. No results will be returned because the transaction command must be the last command used in the search pipeline.
Answer:
A
Question 9
Calculated fields can be based on which of the following?
- A. Tags
- B. Extracted fields
- C. Output fields for a lookup
- D. Fields generated from a search string
Answer:
B
Reference:
https://docs.splunk.com/Documentation/Splunk/8.0.3/Knowledge/definecalcfields
Question 10
Based on the macro definition shown below, what is the correct way to execute the macro in a search
string?
- A. Convert_sales (euro, €, 79)”
- B. Convert_sales (euro, €, .79)
- C. Convert_sales ($euro,$€$,s79$
- D. Convert_sales ($euro, $€$,S,79$)
Answer:
B
Reference:
https://docs.splunk.com/Documentation/Splunk/8.0.3/Knowledge/Usesearchmacros
Question 11
When multiple event types with different color values are assigned to the same event, what
determines the color displayed for the events?
- A. Rank
- B. Weight
- C. Priority
- D. Precedence
Answer:
C
Reference:
https://docs.splunk.com/Documentation/SplunkCloud/8.0.2003/Knowledge/Defineeventtypes
Question 12
Which of the following statements describes the command below (select all that apply)
Sourcetype=access_combined | transaction JSESSIONID
- A. An additional filed named maxspan is created.
- B. An additional field named duration is created.
- C. An additional field named eventcount is created.
- D. Events with the same JSESSIONID will be grouped together into a single event.
Answer:
B, C, D
Question 13
Which of the following can be used with the eval command tostring function (select all that apply)
A. hex
B. commas
C. Decimal
D. duration
Answer:
A, B, D
//docs.splunk.com/Documentation/Splunk/8.1.0/SearchReference/ConversionFunctions#tostri
ng.28X.2CY.29
Question 14
Which of the following statements about tags is true?
- A. Tags are case insensitive.
- B. Tags are created at index time.
- C. Tags can make your data more understandable.
- D. Tags are searched by using the syntax tag: : <fieldneme>
Answer:
C
Question 15
Which of the following statements about data models and pivot are true? (select all that apply)
- A. They are both knowledge objects.
- B. Data models are created out of datasets called pivots.
- C. Pivot requires users to input SPL searches on data models.
- D. Pivot allows the creation of data visualizations that present different aspects of a data model.
Answer:
D