SPLK-1002試験無料問題集（290題）「Splunk Core Certified Power User 認定」

出題：1

Which of the following searches show a valid use of macro? (Select all that apply)

A. index=main source=mySource oldField=* | stats if('makeMyField(oldField)') | table _time newField

B. index=main source=mySource oldField=* | eval newField='makeMyField(oldField)'| table _time newField

C. index=main source=mySource oldField=* | "'newField('makeMyField(oldField)')'" | table _time newField

D. index=main source=mySource oldField=* |'makeMyField(oldField)'| table _time newField

正解：B,D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：2

What functionality does the Splunk Common Information Model (CIM) rely on to normalize fields with different names?

A. Field aliases.

B. Macros.

C. CIM does not work with different names for the same field.

D. The rename command.

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：3

Field aliases are used to __________ data

A. calculate

B. transform

C. normalize

D. clean

正解：C 解答を投票する

出題：4

Which of the following knowledge objects can reference field aliases?

A. Calculated fields, lookups, event types, and tags.

B. Calculated fields and tags only.

C. Calculated fields and event types only.

D. Calculated fields, lookups, event types, and extracted fields.

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：5

Which statement is true?

A. Pivot is used for creating datasets.

B. Pivot is used for creating reports and dashboards.

C. Data models are randomly structured datasets.

D. In most cases, each Splunk user will create their own data model.

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：6

By default search results are not returned in ________ order.

A. Chronological

B. Reverser chronological

C. Alphabetical

D. ASCIE

正解：A,C 解答を投票する

出題：7

In the following eval statement, what is the value of description if the status is 503? index=main | eval description=case(status==200, "OK", status==404, "Not found", status==500, "Internal Server Error")

A. This statement would produce an error in Splunk because it is incomplete.

B. The description field would contain the value "Internal Server Error".

C. The description field would contain the value 0.

D. The description field would contain no value.

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：8

Where are the descriptions of the data models that come with the Splunk Common Information Model (CIM) Add-on documented?

A. Datamodel command reference guide.

B. Search and reporting user manual.

C. Pivot users manual.

D. CIM Add-on manual.

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：9

When performing a regex field extraction with the Field Extractor (FX), a data type must be chosen before a sample event can be selected. Which of the following data types are supported?

A. index or source

B. sourcetype or source

C. index or sourcetype

D. sourcetype or host

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：10

What does the Splunk Common Information Model (CIM) add-on include? (select all that apply)

A. Pre-configured data models

B. Automatic data model acceleration

C. Custom visualizations

D. Fields and event category tags

正解：A,D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：11

Which of the following eval command functions is valid?

A. tostring()

B. print()

C. int()

D. count()

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：12

Clicking a SEGMENT on a chart, ________.

A. drills down for that value

B. highlights the field value across the chart

C. adds the highlighted value to the search criteria

正解：C 解答を投票する

出題：13

Which of the following file formats can be extracted using a delimiter field extraction?

A. PDF

B. CSV

C. XML

D. JSON

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

SPLK-1002試験無料問題集「Splunk Core Certified Power User 認定」