最新的Splunk Core Certified Power User - SPLK-1002免費考試真題

A. Use conditional statements

B. Format values

C. Convert values

D. Perform calculations

A. Neither field value will be used and the field will be assigned a NULL value for the given event.

B. The value for the productName field because it appears first.

C. The value for the field because it appears second.

D. Both field values will be used and the product INFO field will become a multivalue field for the given event.

A. Creates lookups without using SPL.

B. Data Models are not required.

C. Creates reports without using SPL

D. Datasets are not required.

A. Creates a table of the total count of mysterymeat corndogs split by user.

B. Creates a table with the count of all types of corndogs eaten split by user.

C. Creates a table of the total count of users and split by corndogs.

D. Creates a table that groups the total number of users by vegetarian corndogs.

A. Calculated fields and event types only.

B. Calculated fields, lookups, event types, and tags.

C. Calculated fields and tags only.

D. Calculated fields, lookups, event types, and extracted fields.

A. An alias of a field.

B. The eventtype field.

C. The tag field.

D. A field added by an automatic lookup.

A. By enclosing the macro name in single-quote characters (').

B. By using the macro command.

C. By enclosing the macro name in backtick characters (').

D. By using the macroname command.

A. Macros

B. Tags

C. Groups

D. Event Types

A. index=main source=mySource oldField=* | stats if('makeMyField(oldField)') | table _time newField

B. index=main source=mySource oldField=* |'makeMyField(oldField)'| table _time newField

C. index=main source=mySource oldField=* | eval newField='makeMyField(oldField)'| table _time newField

D. index=main source=mySource oldField=* | "'newField('makeMyField(oldField)')'" | table _time newField

A. When grouping events results in over 1000 events in each group.

B. When event grouping is based on start/end values.

C. When calculating results from one or more fields.

D. Only in a large distributed Splunk environment.

A. events with this field

B. top values by time

C. rare values

D. top values

A. geostats

B. cluster

C. geom

A. Users cannot create visualizations with Pivot.

B. Users must use SPL to find events in a Pivot.

C. Users cannot share visualizations created with Pivot.

D. Users can save reports from Pivot.

A. The original field name is italicized to indicate that it is not an alias.

B. The original field name still exists in the index but is not visible to the user at search time.

C. The original field name is replaced by the field alias within the index.

D. The original field name is not affected by the creation of a field alias.