Splunk Core Certified Advanced Power User v1.0

Exam contains 70 questions

What is a performance improvement technique unique to dashboards?

  • A. Using stats instead of transaction
  • B. Using global searches
  • C. Using report acceleration
  • D. Using datamodel acceleration


Answer : C

When and where do search debug messages appear to help with troubleshooting views?

  • A. In the Dashboard Editor, while the search is running.
  • B. In the Search Job Inspector, after the search completes.
  • C. In the Search Job Inspector, while the search is running.
  • D. In the Dashboard Editor, after the search completes.


Answer : C

Which statement about the coalesce function is accurate?

  • A. It can take only a single argument.
  • B. It can take a maximum of two arguments.
  • C. It can be used to create a new field in the results set.
  • D. It can return null or non-null values.


Answer : D

Which commands should be used in place of a subsearch if possible?

  • A. untable and/or xyseries
  • B. stats and/or eval
  • C. mvexpand and/or where
  • D. bin and/or where


Answer : B

Which of the following has a schema or structure embedded in the data itself?

  • A. Dark data
  • B. Unstructured data
  • C. Embedded data
  • D. Self-describing data


Answer : D

What arguments are required when using the spath command?

  • A. input, output, index
  • B. input, output, path
  • C. No arguments are required.
  • D. field, host, source


Answer : B

What is the recommended way to create a field extraction that is both persistent and precise?

  • A. Use the rex command.
  • B. Use the Field Extractor and manually edit the generated regular expression.
  • C. Use the Field Extractor and let it automatically generate a regular expression.
  • D. Use the erex command.


Answer : B

What capability does a power user need to create a Log Event alert action?

  • A. edit_search_server
  • B. edit_udp
  • C. edit_tcp
  • D. edit_alerts


Answer : D

How can the Inspect button be disabled on a dashboard panel?

  • A. Set inspect.link.disabled to 1
  • B. Set link.inspect.visible to 0
  • C. Set link.inspect.Search.visible to 0
  • D. Set link.search.disabled to 1


Answer : B

Which of the following is accurate regarding predefined drilldown tokens?

  • A. They capture data from a form input.
  • B. They vary by visualization type.
  • C. There are eight categories of predefined drilldown tokens.
  • D. They are defined by a panel's base search.


Answer : D

What is returned when Splunk finds fewer than the minimum matches for each lookup value?

  • A. The default value NULL until the minimum match threshold is reached.
  • B. The default match value until the minimum match threshold is reached.
  • C. The first match unless the time_field attribute is specified.
  • D. Only the first match.


Answer : A

Assuming a standard time zone across the environment, what syntax will always return events from between 2:00am and 5:00am?

  • A. date_hour>=2 AND date_hour<5
  • B. earliest==2h@h AND latests-5h@h
  • C. time_hour>=2 AND time_hour>=5
  • D. earliest-2h@h AND latest=5h@h


Answer : B

What does using the tstats command with summariesonly=false do?

  • A. Returns results from only non-summarized data.
  • B. Returns results from both summarized and non-summarized data.
  • C. Prevents use of wildcard characters in aggregate functions.
  • D. Returns no results.


Answer : B

A report named "Linux logins" populates a summary index with the search string sourcetype=linux_secure | sitop src_ip user. Which of the following correctly searches against the summary index for this data?

  • A. index=summary sourcetype="linux_secure" | top src_ip user
  • B. index=summary search_name="Linux logins" | top src_ip user
  • C. index=summary search_name="Linux logins" | stats count by src_ip user
  • D. index=summary sourcetype="linux_secure" | stats count by src_ip user


Answer : D

Which of the following is accurate about cascading inputs?

  • A. They can be reset by an event handler.
  • B. The final input has no impact on previous inputs.
  • C. Only the final input of the sequence can supply a token to searches.
  • D. Inputs added to panels can not participate.


Answer : A
