Splunk SPLK-1002 - Splunk Core Certified Power User Exam
Page: 1 / 42
Total 207 questions
Question #1 (Topic: Single Topic)
Which one of the following statements about the search command is true?
A. It does not allow the use of wildcards.
B. It treats field values in a case-sensitive manner.
C. It can only be used at the beginning of the search pipeline.
D. It behaves exactly like search strings before the first pipe.
Answer: D
Question #2 (Topic: Single Topic)
Which of the following actions can the eval command perform?
A. Remove fields from results.
B. Create or replace an existing field.
C. Group transactions by one or more fields.
D. Save SPL commands to be reused in other searches.
Answer: B
Question #3 (Topic: Single Topic)
When can a pipe follow a macro?
A. A pipe may always follow a macro.
B. The current user must own the macro.
C. The macro must be defined in the current app.
D. Only when sharing is set to global for the macro.
Answer: A
Question #4 (Topic: Single Topic)
Data models are composed of one or more of which of the following datasets? (Choose all that apply.)
A. Events datasets
B. Search datasets
C. Transaction datasets
D. Any child of event, transaction, and search datasets
Answer: ABC
Question #5 (Topic: Single Topic)
When using the Field Extractor (FX), which of the following delimiters will work? (Choose all that apply.)
A. Tabs
B. Pipes
C. Colons
D. Spaces
Answer: AB
