Question 1

Which of the following searches would return a report of sales by product_name ?

Accepted Answer

A)  chart sales by product_name 
B)  chart sum(price) as sales by product_name 
C)  stats sum(price) as sales over product_name 
D)  timechart list(sales), values(product_name) 
A)  chart sales by product_name 
B)  chart sum(price) as sales by product_name 
C)  stats sum(price) as sales over product_name 
D)  timechart list(sales), values(product_name)

Question 2

A user wants to create a new field alias for a field that appears in two sourcetypes. How many field aliases need to be created?

Accepted Answer

A)  One. 
B)  Two. 
C)  It depends on whether the original fields have the same name. 
D)  It depends on whether the two sourcetypes are associated with the same index. 
A)  One. 
B)  Two. 
C)  It depends on whether the original fields have the same name. 
D)  It depends on whether the two sourcetypes are associated with the same index.

Question 3

Which delimiters can the Field Extractor (FX) detect? (Choose all that apply.)

Accepted Answer

A)  Tabs 
B)  Pipes 
C)  Spaces 
D)  Commas 
A)  Tabs 
B)  Pipes 
C)  Spaces 
D)  Commas

Question 4

Which of the following statements describe GET workflow actions?

Accepted Answer

A)  GET workflow actions must be configured with POST arguments. 
B)  Configuration of GET workflow actions includes choosing a sourcetype. 
C)  Label names for GET workflow actions must include a field name surrounded by dollar signs. 
D)  GET workflow actions can be configured to open the URI link in the current window or in a new window. 
A)  GET workflow actions must be configured with POST arguments. 
B)  Configuration of GET workflow actions includes choosing a sourcetype. 
C)  Label names for GET workflow actions must include a field name surrounded by dollar signs. 
D)  GET workflow actions can be configured to open the URI link in the current window or in a new window.

Question 5

Which one of the following statements about the search command is true?

Accepted Answer

A)  It does not allow the use of wildcards. 
B)  It treats field values in a case-sensitive manner. 
C)  It can only be used at the beginning of the search pipeline. 
D)  It behaves exactly like search strings before the first pipe. 
A)  It does not allow the use of wildcards. 
B)  It treats field values in a case-sensitive manner. 
C)  It can only be used at the beginning of the search pipeline. 
D)  It behaves exactly like search strings before the first pipe.

Question 6

Where are the results of eval commands stored?

Accepted Answer

A)  In a field. 
B)  In an index. 
C)  In a KV Store. 
D)  In a database. 
A)  In a field. 
B)  In an index. 
C)  In a KV Store. 
D)  In a database.

Question 7

When performing a regular expression (regex) field extraction using the Field Extractor (FX), what happens when the require option is used?

Accepted Answer

A)  The regex can no longer be edited. 
B)  The field being extracted will be required for all future events. 
C)  The events without the required field will not display in searches. 
D)  Only events with the required string will be included in the extraction. 
A)  The regex can no longer be edited. 
B)  The field being extracted will be required for all future events. 
C)  The events without the required field will not display in searches. 
D)  Only events with the required string will be included in the extraction.

Question 8

How does a user display a chart in stack mode?

Accepted Answer

A)  By using the stack command. By using the stack command. 
B)  By turning on the Use Trellis Layout option. 
C)  By changing Stack Mode in the Format menu. 
D)  You cannot display a chart in stack mode, only a timechart. 
A)  By using the stack command. By using the stack command. 
B)  By turning on the Use Trellis Layout option. 
C)  By changing Stack Mode in the Format menu. 
D)  You cannot display a chart in stack mode, only a timechart.

Question 9

Which of the following searches will return events containing a tag named Privileged ?

Accepted Answer

A)  tag=Priv 
B)  tag=Priv* 
C)  tag=priv* 
D)  tag=privileged 
A)  tag=Priv 
B)  tag=Priv* 
C)  tag=priv* 
D)  tag=privileged

Question 10

Which of the following statements describe the search string below? | datamodel Application_State All_Application_State search

Accepted Answer

A)  Events will be returned from dataset named Application_State . Events will be returned from dataset named Application_State . 
B)  Events will be returned from the data model named Application_State . Events will be returned from the data model named 
C)  Events will be returned from the data model named All_Application_State . All_Application_State 
D)  No events will be returned because the pipe should occur after the datamodel command. No events will be returned because the pipe should occur after the datamodel command. 
A)  Events will be returned from dataset named Application_State . Events will be returned from dataset named Application_State . 
B)  Events will be returned from the data model named Application_State . Events will be returned from the data model named 
C)  Events will be returned from the data model named All_Application_State . All_Application_State 
D)  No events will be returned because the pipe should occur after the datamodel command. No events will be returned because the pipe should occur after the datamodel command.

Question 11

When should transaction be used?

Accepted Answer

A)  Only in a large distributed Splunk environment. 
B)  When calculating results from one or more fields. 
C)  When event grouping is based on start/end values. 
D)  When grouping events results in over 1000 events in each group. 
A)  Only in a large distributed Splunk environment. 
B)  When calculating results from one or more fields. 
C)  When event grouping is based on start/end values. 
D)  When grouping events results in over 1000 events in each group.

Question 12

Which of the following is the correct way to use the datamodel command to search fields in the Web data model within the dataset?

Accepted Answer

Question 13

Which of the following statements describe the Common Information Model (CIM)? (Choose all that apply.)

Accepted Answer

A)  CIM is a methodology for normalizing data. 
B)  CIM can correlate data from different sources. 
C)  The Knowledge Manager uses the CIM to create knowledge objects. 
D)  CIM is an app that can coexist with other apps on a single Splunk deployment. 
A)  CIM is a methodology for normalizing data. 
B)  CIM can correlate data from different sources. 
C)  The Knowledge Manager uses the CIM to create knowledge objects. 
D)  CIM is an app that can coexist with other apps on a single Splunk deployment.

Question 14

Which statement is true?

Accepted Answer

A)  Pivot is used for creating datasets. 
B)  Data models are randomly structured datasets. 
C)  Pivot is used for creating reports and dashboards. 
D)  In most cases, each Splunk user will create their own data model. 
A)  Pivot is used for creating datasets. 
B)  Data models are randomly structured datasets. 
C)  Pivot is used for creating reports and dashboards. 
D)  In most cases, each Splunk user will create their own data model.

Question 15

The eval command allows you to do which of the following? (Choose all that apply.)

Accepted Answer

A)  Format values 
B)  Convert values 
C)  Perform calculations 
D)  Use conditional statements 
A)  Format values 
B)  Convert values 
C)  Perform calculations 
D)  Use conditional statements

Question 16

Which of the following statements describes macros?

Accepted Answer

A)  A macro is a reusable search string that must contain the full search. 
B)  A macro is a reusable search string that must have a fixed time range. 
C)  A macro is a reusable search string that may have a flexible time range. 
D)  A macro is a reusable search string that must contain only a portion of the search. 
A)  A macro is a reusable search string that must contain the full search. 
B)  A macro is a reusable search string that must have a fixed time range. 
C)  A macro is a reusable search string that may have a flexible time range. 
D)  A macro is a reusable search string that must contain only a portion of the search.

Question 17

What does the following search do? index=corndog type= mysterymeat action=eaten | stats count as corndog_count by user

Accepted Answer

A)  Creates a table of the total count of users and split by corndogs. 
B)  Creates a table of the total count of mysterymeat corndogs split by user. 
C)  Creates a table with the count of all types of corndogs eaten split by user. 
D)  Creates a table that groups the total number of users by vegetarian corndogs. 
A)  Creates a table of the total count of users and split by corndogs. 
B)  Creates a table of the total count of mysterymeat corndogs split by user. 
C)  Creates a table with the count of all types of corndogs eaten split by user. 
D)  Creates a table that groups the total number of users by vegetarian corndogs.

Question 18

Given the macro definition below, what should be entered into the Name and Arguments fields to correctly configure the macro?

Accepted Answer

A)  The macro name is sessiontracker and the arguments are action, JESSIONID . The macro name is sessiontracker and the arguments are action, JESSIONID . 
B)  The macro name is sessiontracker(2) and the arguments are action, JESSIONID . sessiontracker(2) 
C)  The macro name is sessiontracker and the arguments are $action$, $JESSIONID$ . $action$, $JESSIONID$ 
D)  The macro name is sessiontracker(2) and the Arguments are $action$, $JESSIONID$ . and the Arguments are 
A)  The macro name is sessiontracker and the arguments are action, JESSIONID . The macro name is sessiontracker and the arguments are action, JESSIONID . 
B)  The macro name is sessiontracker(2) and the arguments are action, JESSIONID . sessiontracker(2) 
C)  The macro name is sessiontracker and the arguments are $action$, $JESSIONID$ . $action$, $JESSIONID$ 
D)  The macro name is sessiontracker(2) and the Arguments are $action$, $JESSIONID$ . and the Arguments are

Question 19

To identify all of the contributing events within a transaction that contain at least one REJECT event, which syntax is correct?

Accepted Answer

Which of the following searches would return a report of sales by product_name ?

A user wants to create a new field alias for a field that appears in two sourcetypes. How many field aliases need to be created?

Which delimiters can the Field Extractor (FX) detect? (Choose all that apply.)

Which of the following statements describe GET workflow actions?

Which one of the following statements about the search command is true?

Where are the results of eval commands stored?

When performing a regular expression (regex) field extraction using the Field Extractor (FX), what happens when the require option is used?

How does a user display a chart in stack mode?

Which of the following searches will return events containing a tag named Privileged ?

Which of the following statements describe the search string below? | datamodel Application_State All_Application_State search

When should transaction be used?

Which of the following is the correct way to use the datamodel command to search fields in the Web data model within the dataset?

Which of the following statements describe the Common Information Model (CIM)? (Choose all that apply.)

Which statement is true?

The eval command allows you to do which of the following? (Choose all that apply.)

Which of the following statements describes macros?

What does the following search do? index=corndog type= mysterymeat action=eaten | stats count as corndog_count by user

Given the macro definition below, what should be entered into the Name and Arguments fields to correctly configure the macro?

To identify all of the contributing events within a transaction that contain at least one REJECT event, which syntax is correct?

Splunk Core Certified User

Splunk Certified Developer

Splunk Enterprise Certified Architect

Splunk Enterprise Security Certified Admin

Splunk IT Service Intelligence Certified Admin

Splunk Core Certified Consultant

Filters

Exam 2: Splunk Enterprise Certified Admin

Which of the following searches would return a report of sales by product_name ?

A user wants to create a new field alias for a field that appears in two sourcetypes. How many field aliases need to be created?

Which delimiters can the Field Extractor (FX) detect? (Choose all that apply.)

Which of the following statements describe GET workflow actions?

Which one of the following statements about the search command is true?

Where are the results of eval commands stored?

When performing a regular expression (regex) field extraction using the Field Extractor (FX), what happens when the require option is used?

How does a user display a chart in stack mode?

Which of the following searches will return events containing a tag named Privileged ?

Which of the following statements describe the search string below? | datamodel Application_State All_Application_State search

When should transaction be used?

Which of the following is the correct way to use the datamodel command to search fields in the Web data model within the dataset?

Which of the following statements describe the Common Information Model (CIM)? (Choose all that apply.)

Which statement is true?

The eval command allows you to do which of the following? (Choose all that apply.)

Which of the following statements describes macros?

What does the following search do? index=corndog type= mysterymeat action=eaten | stats count as corndog_count by user

Given the macro definition below, what should be entered into the Name and Arguments fields to correctly configure the macro?

To identify all of the contributing events within a transaction that contain at least one REJECT event, which syntax is correct?

Splunk Core Certified User

Splunk Certified Developer

Splunk Enterprise Certified Architect

Splunk Enterprise Security Certified Admin

Splunk IT Service Intelligence Certified Admin

Splunk Core Certified Consultant

Filters