SPLK-1002 시험 - Splunk실제시험문제와 답 - 64문항

Question No : 1

Which of the following statements describe the search below? (select all that apply)
Index=main I transaction clientip host maxspan=30s maxpause=5s

A.Events in the transaction occurred within 5 seconds.
B.It groups events that share the same clientip and host.
C.The first and last events are no more than 5 seconds apart.
D.The first and last events are no more than 30 seconds apart.

정답:

Question No : 2

Which of the following statements describe calculated fields? (select all that apply)

A.Calculated fields can be used in the search bar.
B.Calculated fields can be based on an extracted field.
C.Calculated fields can only be applied to host and sourcetype.
D.Calculated fields are shortcuts for performing calculations using the eval command.

정답:
Explanation:
Reference: https://docs.splunk.com/Documentation/Splunk/8.0.3/Knowledge/definecalcfields

Question No : 3

Which of the following statements describe GET workflow actions?

A.GET workflow actions must be configured with POST arguments.
B.Configuration of GET workflow actions includes choosing a sourcetype.
C.Label names for GET workflow actions must include a field name surrounded by dollar signs.
D.GET workflow actions can be configured to open the URT link in the current window or in a new window

정답:

Question No : 4

To identify all of the contributing events within a transaction that contains at least one REJECT event, which syntax is correct?

A.Index-main | REJECT trans sessionid
B.Index-main | transaction sessionid | search REJECT
C.Index=main | transaction sessionid | whose transaction=reject
D.Index=main | transaction sessionid | where transaction=reject’’

정답:

Question No : 5

Which of the following statements about data models and pivot are true? (select all that apply)

A.They are both knowledge objects.
B.Data models are created out of datasets called pivots.
C.Pivot requires users to input SPL searches on data models.
D.Pivot allows the creation of data visualizations that present different aspects of a data model.

정답:

Question No : 6

What do events in a transaction have In common?

A.All events In a transaction must have the same timestamp.
B.All events in a transaction must have the same sourcetype.
C.All events in a transaction must have the exact same set of fields.
D.All events in a transaction must be related by one or more fields.

정답:
Explanation:
Reference: https://docs.splunk.com/Documentation/Splunk/8.0.3/Knowledge/Abouttransactions

Question No : 7

Which of the following eval command function is valid?

A.Int ()
B.Count ( )
C.Print ()
D.Tostring ()

정답:

Question No : 8

When using timechart, how many fields can be listed after a by clause?

A.because timechart doesn't support using a by clause.
B.because _time is already implied as the x-axis.
C.because one field would represent the x-axis and the other would represent the y-axis.
D.There is no limit specific to timechart.

정답:

Question No : 9

What functionality does the Splunk Common Information Model (CIM) rely on to normalize fields with different names?

A.Macros.
B.Field aliases.
C.The rename command.
D.CIM does not work with different names for the same field.

정답:

Question No : 10

Which of the following statements is true, especially in large environments?

A.Use the scats command when you next to group events by two or more fields.
B.The stats command is faster and more efficient than the transaction command
C.The transaction command is faster and more efficient than the stats command.
D.Use the transaction command when you want to see the results of a calculation.

정답:
Explanation:
Reference: https://answers.splunk.com/answers/103/transaction-vs-stats-commands.html

Question No : 11

When using the Field Extractor (FX), which of the following delimiters will work? (select all that apply)

A.Tabs
B.Pipes
C.Colons
D.Spaces

정답:
Explanation:
Reference:
https://docs.splunk.com/Documentation/Splunk/8.0.3/Knowledge/FXSelectMethodstep
https://community.splunk.com/t5/Splunk-Search/Field-Extraction-Separate-on-Colon/m-p/29751

Question No : 12

Which one of the following statements about the search command is true?

A.It does not allow the use of wildcards.
B.It treats field values in a case-sensitive manner.
C.It can only be used at the beginning of the search pipeline.
D.It behaves exactly like search strings before the first pipe.

정답:
Explanation:
Reference: https://docs.splunk.com/Documentation/SplunkCloud/8.0.2003/Search/Usethesearchcommand

Question No : 13

What does the transaction command do?

A.Groups a set of transactions based on time.
B.Creates a single event from a group of events.
C.Separates two events based on one or more values.
D.Returns the number of credit card transactions found in the event logs.

정답:

Question No : 14

What is the relationship between data models and pivots?

A.Data models provide the datasets for pivots.
B.Pivots and data models have no relationship.
C.Pivots and data models are the same thing.
D.Pivots provide the datasets for data models.

정답:

Question No : 15

Which of the following statements describe the search string below?
| datamodel Application_State All_Application_State search

A.Evenrches would return a report of sales by state.
B.Events will be returned from the data model named Application_State.
C.Events will be returned from the data model named All_Application_state.
D.No events will be returned because the pipe should occur after the datamodel command

정답:

Splunk SPLK-1002 시험