getcertified4sure.com

SPLK-1002 Exam

Renovate SPLK-1002 Test Questions For Splunk Core Certified Power User Exam Certification




It is faster and easier to pass the Splunk SPLK-1002 exam by using high-value Splunk Core Certified Power User Exam questions and answers. Get immediate access to the Far out SPLK-1002 Exam and find the same core area SPLK-1002 questions with professionally verified answers, then PASS your exam with a high score now.

Free SPLK-1002 Demo Online For Splunk Certification:

NEW QUESTION 1

By default search results are not returned in ______ order.

  • A. Chronological
  • B. Reverse chronological
  • C. ASCII
  • D. Alphabetical

Answer: AD

NEW QUESTION 2

What is required for a macro to accept three arguments?

  • A. The macro's name ends with (3).
  • B. The macro's name starts with (3).
  • C. The macro's argument count setting is 3 or more.
  • D. Nothing, all macros can accept any number of arguments.

Answer: A

NEW QUESTION 3

What does the fillnull command replace null values with, if the value argument is not specified?

  • A. N/A
  • B. NaN
  • C. NULL

Answer: A

NEW QUESTION 4

Which of the following searches will show the number of categoryId used by each host?

  • A. Sourcetype=access_* |sum bytes by host
  • B. Sourcetype=access_* |stats sum(categoryId) by host
  • C. Sourcetype=access_* |sum(bytes) by host
  • D. Sourcetype=access_* |stats sum by host

Answer: B

NEW QUESTION 5

What are the two parts of a root event dataset?

  • A. Fields and variables.
  • B. Fields and attributes.
  • C. Constraints and fields.
  • D. Constraints and lookups.

Answer: C

NEW QUESTION 6

Which of the following actions can the eval command perform?

  • A. Remove fields from results.
  • B. Create or replace an existing field.
  • C. Group transactions by one or more fields.
  • D. Save SPL commands to be reused in other searches.

Answer: B

NEW QUESTION 7

These allow you to categorize events based on search terms. Select your answer.

  • A. Groups
  • B. Event Types
  • C. Macros
  • D. Tags

Answer: B

NEW QUESTION 8

What is the relationship between data models and pivots?

  • A. Data models provide the datasets for pivots.
  • B. Pivots and data models have no relationship.
  • C. Pivots and data models are the same thing.
  • D. Pivots provide the datasets for data models.

Answer: D

NEW QUESTION 9

Given the macro definition below, what should be entered into the Name and Arguments fields to correctly configure the macro?
SPLK-1002 dumps exhibit

  • A. The macro name is sessiontracker and the arguments are action, JESSION.
  • B. The macro name is sessiontracker (2) and the action JESSIONID
  • C. The macro name is sessiontracker and the arguments are sectional, $ JESSIONIDS.
  • D. The macro name is sessiontracker (2) and the arguments are $action, $JESSIONIDS.

Answer: B

NEW QUESTION 10

Calculated fields can be based on which of the following?

  • A. Tags
  • B. Extracted fields
  • C. Output fields for a lookup
  • D. Fields generated from a search string

Answer: B

NEW QUESTION 11

Which of the following statements describes the use of the Field Extractor (FX)?

  • A. The Field Extractor automatically extracts all fields at search time.
  • B. The Field Extractor uses PERL to extract fields from the raw events.
  • C. Fields extracted using the Field Extractor persist as knowledge objects.
  • D. Fields extracted using the Field Extractor do not persist and must be defined for each search.

Answer: C

NEW QUESTION 12

Which of the following statements describe calculated fields? (select all that apply)

  • A. Calculated fields can be used in the search bar.
  • B. Calculated fields can be based on an extracted field.
  • C. Calculated fields can only be applied to host and sourcetype.
  • D. Calculated fields are shortcuts for performing calculations using the eval command.

Answer: BD

NEW QUESTION 13

What does the following search do?
SPLK-1002 dumps exhibit

  • A. Creates a table of the total count of users and split by corndogs.
  • B. Creates a table of the total count of mysterymeat corndogs split by user.
  • C. Creates a table with the count of all types of corndogs eaten split by user.
  • D. Creates a table that groups the total number of users by vegetarian corndogs.

Answer: A

NEW QUESTION 14

Which of the following eval command functions is valid?

  • A. Int()
  • B. Count()
  • C. Print()
  • D. Tostring()

Answer: D

NEW QUESTION 15

What does the Splunk Common Information Model (CIM) add-on include? (select all that apply)

  • A. Custom visualizations
  • B. Pre-configured data models
  • C. Fields and event category tags
  • D. Automatic data model acceleration

Answer: AC

NEW QUESTION 16

Which of the following are valid options to speed up reports? (Select all that apply.)

  • A. Edit permissions
  • B. Edit description
  • C. Edit acceleration
  • D. Edit schedule

Answer: C

NEW QUESTION 17

Which of the following workflow actions can be executed from search results? (select all that apply)

  • A. GET
  • B. POST
  • C. LOOKUP
  • D. Search

Answer: ABD

NEW QUESTION 18

The Field Extractor (FX) is used to extract a custom field. A report can be created using this custom field. The created report can then be shared with other people in the organization. If another person in the organization runs the shared report and no results are returned, why might this be? (select all that apply)

  • A. Fast mode is enabled.
  • B. The dashboard is private.
  • C. The extraction is private.
  • D. The person in the organization running the report does not have access to the index.

Answer: BD

NEW QUESTION 19

When using the transaction command, what does the argument maxspan do?

  • A. Sets the maximum total time between events in a transaction.
  • B. Sets the maximum length of all events within a transaction.
  • C. Sets the maximum total time between the earliest and latest events in a transaction.
  • D. Sets the maximum length that any single event can reach to be included in the transaction.

Answer: B

NEW QUESTION 20

Which of the following statements describe GET workflow actions?

  • A. GET workflow actions must be configured with POST arguments.
  • B. Configuration of GET workflow actions includes choosing a sourcetype.
  • C. Label names for GET workflow actions must include a field name surrounded by dollar signs.
  • D. GET workflow actions can be configured to open the URL link in the current window or in a new window.

Answer: D

NEW QUESTION 21

Using the export function, you can export search results as _______. (Select all that apply)

  • A. Xml
  • B. Json
  • C. Html
  • D. A php file

Answer: AB

NEW QUESTION 22

What will you learn from the results of the following search? sourcetype=cisco_esa | transaction mid, dcid, icid | timechart avg(duration)

  • A. The average time elapsed during each transaction for all transactions
  • B. The average time for each event within each transaction
  • C. The average time between each transaction

Answer: A

NEW QUESTION 23

The eval command 'if' function requires the following three arguments (in order):

  • A. Boolean expression, result if true, result if false
  • B. Result if true, result if false, boolean expression
  • C. Result if false, result if true, boolean expression
  • D. Boolean expression, result if false, result if true

Answer: A

NEW QUESTION 24

In what order are the following knowledge objects/configurations applied?

  • A. Field Aliases, Field Extractions, Lookups
  • B. Field Extractions, Field Aliases, Lookups
  • C. Field Extractions, Lookups, Field Aliases
  • D. Lookups, Field Aliases, Field Extractions

Answer: B
