test 1

Question 1

how many field extraction methods are there?

Answer 1

2

regular expression and delimiters

Question 2

which command allows to perform search existing data models and their datasets from the search interface?

Answer 2

datamodel

Question 3

by default what is the number of events per transaction?

Answer 3

1000

Question 4

‘Event Type’ comes seventh in the search-time operations order

Answer 4

correct

Question 5

it is a must to specify a statistical function when using the chart command

Answer 5

Correct

Question 6

how many search types affect Splunk performance

Answer 6

4
Dense up to 50000 matching EPS
Sparse up to 5000 matching EPS
Super Sparse up to 2 seconds per index bucket
Rare from 10 to 20 index buckets per second

Question 7

Splunk software knowledge can be grouped into how many categories?

Answer 7

5
Data interpretation– fields and field ectractions
Data Classification– Event Types and transactions
Data Enrichment– lookups and workflow actions
Data Normalisation– Tags and Aliases
Data Models

Question 8

data model editor groups datasets into how many categories?

Answer 8

3

field extractions, lookups and eval expressions

Question 9

a data model consist of how many categories?

Answer 9

3

Question 10

Is it possible to apply field aliases to lookup?

Answer 10

No

Question 11

True or False

Only root events can be accelerated

Answer 11

True

Question 12

True or False

data model name and dataset name are case sensitive

Answer 12

True

Question 13

Where is the occurrence of tags in the sequence of search time operations?

Answer 13

Last

Question 14

true or false

the power user can create an object that persists across all apps

Answer 14

False

Question 15

True or False

It is not possible to apply field aliases to lookups

Answer 15

False

Question 16

True or False

as with chart, it is possible to split timechart by 2 fields

Answer 16

False

Question 17

what does the gauge command allow you to do

Answer 17

set coloured ranges for a single-value visualisation

Question 18

what allows you to categorise events based on search terms

Answer 18

Event Types

Question 19

The time range specified for a historical search defines the……

Answer 19

amount of data fetched from the index matching that time range

Question 20

what clause is used to group the output of a stats command by a specific name

Answer 20

Rex

Question 21

when a search returns______, you can view the results as a list

Answer 21

statistical values

Question 22

which function should you use with the transaction command to set the maximum total time between the earliest and latest events

Answer 22

maxspan

Question 23

what attributes are required to create a POST workflow action?

Answer 23

XML attributes, URL, name

Question 24

In what order are knowledge object/configurations applied?

Answer 24

Field Extraction, Lookups, Field Aliases

Question 25

Can Auto-Extracted fields have their data type changed?

Answer 25

YES

Question 26

True or False

A Macro is a reusable search string that may have a flexible time range

Answer 26

True

Question 27

What happens when you click on a SEGMENT on a chart?

Answer 27

Adds the highlighted value to the search criteria

Question 28

True or False
Useother=f
Split=t
Are valid options in the chart command

Answer 28

FALSE

Question 29

What format does the CIM Add-on data models include?

Answer 29

JSON

Question 30

When a search returns ________, you can view the results as a list

Answer 30

Statistical Values

Question 31

True or False

Users can define the time range of the search when created the workflow action?

Answer 31

True