Splunk Core Certified Power User v1.0

Page:    1 / 10   
Exam contains 144 questions
Expand All

Information needed to create a GET workflow action includes which of the following? (Choose all that apply.)

  • A. A name for the workflow action.
  • B. A URI where the user will be directed at search time.
  • C. A label that will appear in the Event Action menu at search time.
  • D. A name for the URI where the user will be directed at search time.


Answer : ABC

Reference:
https://docs.splunk.com/Documentation/Splunk/8.0.3/Knowledge/SetupaGETworkflowaction

Which of the following can be used with the eval command tostring function? (Choose all that apply.)

  • A. "hex"
  • B. "commas"
  • C. "decimal"
  • D. "duration"


Answer : ABD

Reference:
https://splunkonbigdata.com/2018/10/27/usage-of-splunk-eval-function-tostring/

Which of the following searches show a valid use of a macro? (Choose all that apply.)

  • A. index=main source=mySource oldField=* |'makeMyField(oldField)'| table _time newField
  • B. index=main source=mySource oldField=* | stats if('makeMyField(oldField)') | table _time newField
  • C. index=main source=mySource oldField=* | eval newField='makeMyField(oldField)'| table _time newField
  • D. index=main source=mySource oldField=* | "'newField('makeMyField(oldField)')'" | table _time newField


Answer : AB

Reference:
https://answers.splunk.com/answers/574643/field-showing-an-additional-and-not-visible-value-1.html

A user wants to convert numeric field values to strings and also to sort on those values.
Which command should be used first, the eval or the sort?

  • A. It doesn't matter whether eval or sort is used first.
  • B. Convert the numeric to a string with eval first, then sort.
  • C. Use sort first, then convert the numeric to a string with eval.
  • D. You cannot use the sort command and the eval command on the same field.


Answer : B

Which Knowledge Object does the Splunk Common Information Model (CIM) use to normalize data, in addition to field aliases, event types, and tags?

  • A. Macros
  • B. Lookups
  • C. Workflow actions
  • D. Field extractions


Answer : BD

Reference:
https://docs.splunk.com/Documentation/CIM/4.15.0/User/UsetheCIMtonormalizedataatsearchtime

Which of the following statements describe data model acceleration? (Choose all that apply.)

  • A. Root events cannot be accelerated.
  • B. Accelerated data models cannot be edited.
  • C. Private data models cannot be accelerated.
  • D. You must have administrative permissions or the accelerate_datamodel capability to accelerate a data model.


Answer : BCD

How does a user display a chart in stack mode?

  • A. By using the stack command.
  • B. By turning on the Use Trellis Layout option.
  • C. By changing Stack Mode in the Format menu.
  • D. You cannot display a chart in stack mode, only a timechart.


Answer : C

If no value is specified with the fillnull command, what default value will be used?

  • A. 0
  • B. N/A
  • C. ג€"
  • D. NULL


Answer : A

Reference:
https://answers.splunk.com/answers/653427/fillnull-doesnt-work-without-specfying-a-field.html

What other syntax will produce exactly the same results as | chart count over vendor_action by user?

  • A. | chart count by vendor_action, user
  • B. | chart count over vendor_action, user
  • C. | chart count by vendor_action over user
  • D. | chart count over user by vendor_action


Answer : A

What are the two parts of a root event dataset?

  • A. Fields and variables.
  • B. Fields and attributes.
  • C. Constraints and fields.
  • D. Constraints and lookups.


Answer : C

Reference:
https://docs.splunk.com/Documentation/SplunkLight/7.3.5/GettingStarted/Designdatamodelobjects

When using timechart, how many fields can be listed after a by clause?

  • A. 0, because timechart doesn't support using a by clause.
  • B. 1, because _time is already implied as the x-axis.
  • C. 2, because one field would represent the x-axis and the other would represent the y-axis.
  • D. There is no limit specific to timechart.


Answer : B

A field alias has been created based on an original field. A search without any transforming commands is then executed in Smart Mode.
Which field name appears in the results?

  • A. Both will appear in the All Fields list, but only if the alias is specified in the search.
  • B. Both will appear in the Interesting Fields list, but only if they appear in at least 20 percent of events.
  • C. The original field only appears in All Fields list and the alias only appears in the Interesting Fields list.
  • D. The alias only appears in the All Fields list and the original field only appears in the Interesting Fields list.


Answer : B

Which of the following statements describes macros?

  • A. A macro is a reusable search string that must contain the full search.
  • B. A macro is a reusable search string that must have a fixed time range.
  • C. A macro is a reusable search string that may have a flexible time range.
  • D. A macro is a reusable search string that must contain only a portion of the search.


Answer : C

Reference:
https://docs.splunk.com/Documentation/Splunk/8.0.3/Knowledge/Definesearchmacros

In what order are the following knowledge objects/configurations applied?

  • A. Field Aliases, Field Extractions, Lookups
  • B. Field Extractions, Field Aliases, Lookups
  • C. Field Extractions, Lookups, Field Aliases
  • D. Lookups, Field Aliases, Field Extractions


Answer : B

Reference:
https://docs.splunk.com/Documentation/Splunk/8.0.3/Knowledge/WhatisSplunkknowledge

In which of the following scenarios is an event type more effective than a saved search?

  • A. When a search should always include the same time range.
  • B. When a search needs to be added to other users' dashboards.
  • C. When the search string needs to be used in future searches.
  • D. When formatting needs to be included with the search string.


Answer : C

Reference:
https://answers.splunk.com/answers/4993/eventtype-vs-saved-search.html

Page:    1 / 10   
Exam contains 144 questions
Expand All

Talk to us!

Have any questions or issues ? Please dont hesitate to contact us

[email protected]

Certlibrary.com is owned by MBS Tech Limited: Room 1905 Nam Wo Hong Building, 148 Wing Lok Street, Sheung Wan, Hong Kong. Company registration number: 2310926
Certlibrary doesn't offer Real Microsoft Exam Questions. Certlibrary Materials do not contain actual questions and answers from Cisco's Certification Exams.
CFA Institute does not endorse, promote or warrant the accuracy or quality of Certlibrary. CFA® and Chartered Financial Analyst® are registered trademarks owned by CFA Institute.
Terms & Conditions | Privacy Policy