SPLK-1002 Splunk Core Certified Power User Exam Questions and Answers

inputlookup

lookup

You can remove values that aren't a match for the field you want to define

You can validate where the data originated from

You cannot modify the field extraction

status field

Multiple indexes

Data model field name.

Data model dataset name.

OR

( )

AND

NOT

Edit permissions

Edit description

Edit acceleration

Edit schedule

Display as selected fields.

Sorted

Charted based on time

Matching

sourcetype=access_* | maximum totals by bytes

sourcetype=access_* | avg (bytes)

sourcetype=access_* | stats max(bytes)

sourcetype=access_* | max(bytes)

the number of events returned

the selected time range

the type of visualization selected

because timechart doesn't support using a by clause.

because _time is already implied as the x-axis.

because one field would represent the x-axis and the other would represent the y-axis.

There is no limit specific to timechart.

Events in the transaction occurred within 5 seconds.

It groups events that share the same clientip and host.

The first and last events are no more than 5 seconds apart.

The first and last events are no more than 30 seconds apart.

Macros.

Field aliases.

The rename command.

CIM does not work with different names for the same field.

The regex can no longer be edited.

The field being extracted will be required for all future events.

The events without the required field will not display in searches.

Only events with the required string will be included in the extraction.

Field alias names replace the original field name.

Field aliases can be used in lookup file definitions.

Field aliases only normalize data across sources and sourcetypes.

Field alias names are not case sensitive when used as part of a search.

Auto-Extracted fields can be hidden in Pivot.

Auto-Extracted fields can have their data type changed.

Auto-Extracted fields can be given a friendly name for use in Pivot.

Auto-Extracted fields can be added if they already exist in the dataset with constraints.

This is a valid search and will display a timechart of the average duration, of each transaction event.

This is a valid search and will display a stats table showing the maximum pause among transactions.

No results will be returned because the transaction command must include the startswith and endswith options.

No results will be returned because the transaction command must be the last command used in the search pipeline.

Changes made manually can be reverted in the Field Extractor (FX) UI.

It is no longer possible to edit the field extraction in the Field Extractor (FX) UI.

It is not possible to manually edit a regular expression (regex) that was created using the Field Extractor (FX) UI.

The Field Extractor (FX) UI keeps its own version of the field extraction in addition to the one that was manually edited.

Fields and variables.

Fields and attributes.

Constraints and fields.

Constraints and lookups.

Custom visualizations

Pre-configured data models

Fields and event category tags

Automatic data model acceleration

Tabs

Pipes

Colons

Spaces

It doesn't matter whether eval or sort is used first.

Convert the numeric to a string with eval first, then sort.

Use sort first, then convert the numeric to a string with eval.

You cannot use the sort command and the eval command on the same field.

OR

AND

()

NOT

Int ()

Count ( )

Print ()

Tostring ()