Question 1

Data model fields can be added using the Auto-Extracted method. Which of the following statements describe Auto-Extracted fields? (Choose all that apply.)

Accepted Answer

A)  Auto-Extracted fields can be hidden in Pivot. 
B)  Auto-Extracted fields can have their data type changed. 
C)  Auto-Extracted fields can be given a friendly name for use in Pivot. 
D)  Auto-Extracted fields can be added if they already exist in the dataset with constraints. 
A)  Auto-Extracted fields can be hidden in Pivot. 
B)  Auto-Extracted fields can have their data type changed. 
C)  Auto-Extracted fields can be given a friendly name for use in Pivot. 
D)  Auto-Extracted fields can be added if they already exist in the dataset with constraints. B

Question 2

What does the Splunk Common Information Model (CIM) add-on include? (Choose all that apply.)

Accepted Answer

A)  Custom visualizations 
B)  Pre-configured data models 
C)  Fields and event category tags 
D)  Automatic data model acceleration 
A)  Custom visualizations 
B)  Pre-configured data models 
C)  Fields and event category tags 
D)  Automatic data model acceleration B,D

Question 3

Which of the following statements about tags is true?

Accepted Answer

A) Tags are case insensitive. B) Tags are created at index time. C) Tags can make your data more understandable. D) Tags are searched by using the syntax tag:: Tags are searched by using the syntax tag:: A) Tags are case insensitive. B) Tags are created at index time. C) Tags can make your data more understandable. D) Tags are searched by using the syntax tag:: Tags are searched by using the syntax tag:: B

Question 4

Which of the following can be used with the eval command tostring function? (Choose all that apply.)

Accepted Answer

A)  "hex" 
B)  "commas" 
C)  "decimal" 
D)  "duration" 
A)  "hex" 
B)  "commas" 
C)  "decimal" 
D)  "duration"

Question 5

Which of the following is a function of the Splunk Common Information Model (CIM)?

Accepted Answer

A)  Normalizing data across a Splunk deployment. 
B)  Providing templates for reports and dashboards. 
C)  Algorithmically shifting events to other indexes. 
D)  Reingesting previously indexed data with new field names. 
A)  Normalizing data across a Splunk deployment. 
B)  Providing templates for reports and dashboards. 
C)  Algorithmically shifting events to other indexes. 
D)  Reingesting previously indexed data with new field names.

Question 6

Which of the following statements about event types is true? (Choose all that apply.)

Accepted Answer

A)  Event types can be tagged. 
B)  Event types must include a time range. 
C)  Event types categorize events based on a search. 
D)  Event types can be a useful method for capturing and sharing knowledge. 
A)  Event types can be tagged. 
B)  Event types must include a time range. 
C)  Event types categorize events based on a search. 
D)  Event types can be a useful method for capturing and sharing knowledge.

Question 7

Which workflow uses field values to perform a secondary search?

Accepted Answer

A)  POST 
B)  Action 
C)  Search 
D)  Sub-search 
A)  POST 
B)  Action 
C)  Search 
D)  Sub-search

Question 8

When using | timechart by host , which field is represented in the x-axis?

Accepted Answer

A)  date 
B)  host 
C)  time 
D)  _time 
A)  date 
B)  host 
C)  time 
D)  _time

Question 9

Which Knowledge Object does the Splunk Common Information Model (CIM) use to normalize data, in addition to field aliases, event types, and tags?

Accepted Answer

A)  Macros 
B)  Lookups 
C)  Workflow actions 
D)  Field extractions 
A)  Macros 
B)  Lookups 
C)  Workflow actions 
D)  Field extractions

Question 10

What does the transaction command do?

Accepted Answer

A)  Groups a set of transactions based on time. 
B)  Creates a single event from a group of events. 
C)  Separates two events based on one or more values. 
D)  Returns the number of credit card transactions found in the event logs. 
A)  Groups a set of transactions based on time. 
B)  Creates a single event from a group of events. 
C)  Separates two events based on one or more values. 
D)  Returns the number of credit card transactions found in the event logs.

Question 11

Which of the following searches would create a graph similar to the one below?

Accepted Answer

A)  index=_internal sourcetype=SavedSplunker | fields sourcetype, status | transaction status maxspan=1d | stats count by status 
B)  index=_internal sourcetype=SavedSplunker | fields sourcetype, status | transaction status maxspan=1d | chart count OVER status by _time 
C)  index=_internal sourcetype=SavedSplunker | fields sourcetype, status | transaction status maxspan=1d | timechart count by status 
D)  None of these searches would generate a similar graph. 
A)  index=_internal sourcetype=SavedSplunker | fields sourcetype, status | transaction status maxspan=1d | stats count by status 
B)  index=_internal sourcetype=SavedSplunker | fields sourcetype, status | transaction status maxspan=1d | chart count OVER status by _time 
C)  index=_internal sourcetype=SavedSplunker | fields sourcetype, status | transaction status maxspan=1d | timechart count by status 
D)  None of these searches would generate a similar graph.

Question 12

In what order are the following knowledge objects/configurations applied?

Accepted Answer

A)  Field Aliases, Field Extractions, Lookups 
B)  Field Extractions, Field Aliases, Lookups 
C)  Field Extractions, Lookups, Field Aliases 
D)  Lookups, Field Aliases, Field Extractions 
A)  Field Aliases, Field Extractions, Lookups 
B)  Field Extractions, Field Aliases, Lookups 
C)  Field Extractions, Lookups, Field Aliases 
D)  Lookups, Field Aliases, Field Extractions

Question 13

What is the correct syntax to search for a tag associated with a value on a specific field?

Accepted Answer

A) tag= B) tag=() C) tag=:: D) tag::= A) tag= B) tag=() C) tag=:: D) tag::=

Question 14

When multiple event types with different color values are assigned to the same event, what determines the color displayed for the event?

Accepted Answer

A)  Rank 
B)  Weight 
C)  Priority 
D)  Precedence 
A)  Rank 
B)  Weight 
C)  Priority 
D)  Precedence

Question 15

A calculated field may be based on which of the following?

Accepted Answer

A)  Lookup tables 
B)  Extracted fields 
C)  Regular expressions 
D)  Fields generated within a search string 
A)  Lookup tables 
B)  Extracted fields 
C)  Regular expressions 
D)  Fields generated within a search string

Question 16

Which of the following statements is true, especially in large environments?

Accepted Answer

A)  Use the stats command when you need to group events by two or more fields. Use the stats command when you need to group events by two or more fields. 
B)  The stats command is faster and more efficient than the transaction command. The command is faster and more efficient than the transaction command. 
C)  The transaction command is faster and more efficient than the stats command. 
D)  Use the transaction command when you want to see the results of a calculation. command when you want to see the results of a calculation. 
A)  Use the stats command when you need to group events by two or more fields. Use the stats command when you need to group events by two or more fields. 
B)  The stats command is faster and more efficient than the transaction command. The command is faster and more efficient than the transaction command. 
C)  The transaction command is faster and more efficient than the stats command. 
D)  Use the transaction command when you want to see the results of a calculation. command when you want to see the results of a calculation.

Question 17

Which are valid ways to create an event type? (Choose all that apply.)

Accepted Answer

A)  By using the searchtypes command in the search bar. By using the searchtypes command in the search bar. 
B)  By editing the event_type stanza in the props.conf file. 
C)  By going to the Settings menu and clicking Event Types > New. 
D)  By selecting an event in search results and clicking Event Actions > Build Event Type. 
A)  By using the searchtypes command in the search bar. By using the searchtypes command in the search bar. 
B)  By editing the event_type stanza in the props.conf file. 
C)  By going to the Settings menu and clicking Event Types > New. 
D)  By selecting an event in search results and clicking Event Actions > Build Event Type.

Question 18

Data models are composed of one or more of which of the following datasets? (Choose all that apply.)

Accepted Answer

A)  Events datasets 
B)  Search datasets 
C)  Transaction datasets 
D)  Any child of event, transaction, and search datasets 
A)  Events datasets 
B)  Search datasets 
C)  Transaction datasets 
D)  Any child of event, transaction, and search datasets

Question 19

Which group of users would most likely use pivots?

Accepted Answer

A)  Users 
B)  Architects 
C)  Administrators 
D)  Knowledge Managers 
A)  Users 
B)  Architects 
C)  Administrators 
D)  Knowledge Managers

Question 20

When using the timechart command, how can a user group the events into buckets based on time?

Accepted Answer

A)  Using the span argument. Using the span argument. 
B)  Using the duration argument. duration 
C)  Using the interval argument. interval 
D)  Adjusting the fieldformat options. Adjusting the fieldformat options. 
A)  Using the span argument. Using the span argument. 
B)  Using the duration argument. duration 
C)  Using the interval argument. interval 
D)  Adjusting the fieldformat options. Adjusting the fieldformat options.

Data model fields can be added using the Auto-Extracted method. Which of the following statements describe Auto-Extracted fields? (Choose all that apply.)

What does the Splunk Common Information Model (CIM) add-on include? (Choose all that apply.)

Which of the following statements about tags is true?

Which of the following can be used with the eval command tostring function? (Choose all that apply.)

Which of the following is a function of the Splunk Common Information Model (CIM)?

Which of the following statements about event types is true? (Choose all that apply.)

Which workflow uses field values to perform a secondary search?

When using | timechart by host , which field is represented in the x-axis?

Which Knowledge Object does the Splunk Common Information Model (CIM) use to normalize data, in addition to field aliases, event types, and tags?

What does the transaction command do?

Which of the following searches would create a graph similar to the one below?

In what order are the following knowledge objects/configurations applied?

What is the correct syntax to search for a tag associated with a value on a specific field?

When multiple event types with different color values are assigned to the same event, what determines the color displayed for the event?

A calculated field may be based on which of the following?

Which of the following statements is true, especially in large environments?

Which are valid ways to create an event type? (Choose all that apply.)

Data models are composed of one or more of which of the following datasets? (Choose all that apply.)

Which group of users would most likely use pivots?

When using the timechart command, how can a user group the events into buckets based on time?

Splunk Core Certified User

Splunk Certified Developer

Splunk Enterprise Certified Architect

Splunk Enterprise Security Certified Admin

Splunk IT Service Intelligence Certified Admin

Splunk Core Certified Consultant

Filters

Exam 2: Splunk Enterprise Certified Admin

Data model fields can be added using the Auto-Extracted method. Which of the following statements describe Auto-Extracted fields? (Choose all that apply.)

What does the Splunk Common Information Model (CIM) add-on include? (Choose all that apply.)

Which of the following statements about tags is true?

Which of the following can be used with the eval command tostring function? (Choose all that apply.)

Which of the following is a function of the Splunk Common Information Model (CIM)?

Which of the following statements about event types is true? (Choose all that apply.)

Which workflow uses field values to perform a secondary search?

When using | timechart by host , which field is represented in the x-axis?

Which Knowledge Object does the Splunk Common Information Model (CIM) use to normalize data, in addition to field aliases, event types, and tags?

What does the transaction command do?

Which of the following searches would create a graph similar to the one below?

In what order are the following knowledge objects/configurations applied?

What is the correct syntax to search for a tag associated with a value on a specific field?

When multiple event types with different color values are assigned to the same event, what determines the color displayed for the event?

A calculated field may be based on which of the following?

Which of the following statements is true, especially in large environments?

Which are valid ways to create an event type? (Choose all that apply.)

Data models are composed of one or more of which of the following datasets? (Choose all that apply.)

Which group of users would most likely use pivots?

When using the timechart command, how can a user group the events into buckets based on time?

Splunk Core Certified User

Splunk Certified Developer

Splunk Enterprise Certified Architect

Splunk Enterprise Security Certified Admin

Splunk IT Service Intelligence Certified Admin

Splunk Core Certified Consultant

Filters