
SPLK-1002 Exam Questions - Online Test



Want to know Certleader SPLK-1002 Exam practice test features? Want to learn more about the Splunk Core Certified Power User Exam certification experience? Study Certified Splunk SPLK-1002 answers to the most up-to-date SPLK-1002 questions at Certleader. Get success with an absolute guarantee to pass the Splunk SPLK-1002 (Splunk Core Certified Power User Exam) test on your first attempt.

Online SPLK-1002 free questions and answers of New Version:

NEW QUESTION 1

Which of the following describes the Splunk Common Information Model (CIM) add-on?

  • A. The CIM add-on uses machine learning to normalize data.
  • B. The CIM add-on contains dashboards that show how to map data.
  • C. The CIM add-on contains data models to help you normalize data.
  • D. The CIM add-on is automatically installed in a Splunk environment.

Answer: C

NEW QUESTION 2

Which of the following workflow actions can be executed from search results? (select all that apply)

  • A. GET
  • B. POST
  • C. LOOKUP
  • D. Search

Answer: ABD

NEW QUESTION 3

What does the transaction command do?

  • A. Groups a set of transactions based on time.
  • B. Creates a single event from a group of events.
  • C. Separates two events based on one or more values.
  • D. Returns the number of credit card transactions found in the event logs.

Answer: B

NEW QUESTION 4

We can use the rename command to ______ (Select all that apply.)

  • A. Change indexed fields
  • B. Exclude fields from our search results
  • C. Extract new fields from our data using regular expressions
  • D. Give a field a new name at search time

Answer: D

NEW QUESTION 5

What does the fillnull command replace null values with, if the value argument is not specified?

  • A. N/A
  • B. NaN
  • C. NULL

Answer: A

NEW QUESTION 6

When performing a regular expression (regex) field extraction using the Field Extractor (FX), what happens when the require option is used?

  • A. The regex can no longer be edited.
  • B. The field being extracted will be required for all future events.
  • C. The events without the required field will not display in searches.
  • D. Only events with the required string will be included in the extraction.

Answer: D

NEW QUESTION 7

Which workflow uses field values to perform a secondary search?

  • A. POST
  • B. Action
  • C. Search
  • D. Sub-Search

Answer: C

Explanation:
https://docs.splunk.com/Documentation/Splunk/8.0.2/Knowledge/CreateworkflowactionsinSplunkWeb

NEW QUESTION 8

Which of the following statements describes POST workflow actions?

  • A. POST workflow actions are always encrypted.
  • B. POST workflow actions cannot use field values in their URI.
  • C. POST workflow actions cannot be created on custom sourcetypes.
  • D. POST workflow actions can open a web page in either the same window or a new .

Answer: D

NEW QUESTION 9

Which of the following are required to create a POST workflow action?

  • A. Label, URI, search string.
  • B. XMI attributes, URI, name.
  • C. Label, URI, post arguments.
  • D. URI, search string, time range picker.

Answer: B

NEW QUESTION 10

Which of the following statements describe data model acceleration? (select all that apply)

  • A. Root events cannot be accelerated.
  • B. Accelerated data models cannot be edited.
  • C. Private data models cannot be accelerated.
  • D. You must have administrative permissions or the accelerate_datamodel capability to accelerate a data model.

Answer: BCD

NEW QUESTION 11

Which of the following are valid options with the chart command?

  • A. useother
  • B. usenull
  • C. fillfield
  • D. usefiled

Answer: AB

NEW QUESTION 12

Which of the following statements describes this search? sourcetype=access_combined | transaction JSESSIONID | timechart avg(duration)

  • A. This is a valid search and will display a timechart of the average duration of each transaction event.
  • B. This is a valid search and will display a stats table showing the maximum pause among transactions.
  • C. No results will be returned because the transaction command must include the startswith and endswith options.
  • D. No results will be returned because the transaction command must be the last command used in the search pipeline.

Answer: A

NEW QUESTION 13

Which of the following searches will return events that contain a tag named Privileged?

  • A. Tag= Priv
  • B. Tag= Priv*
  • C. Tag= Priv*
  • D. Tag= Privileged

Answer: D

NEW QUESTION 14

How does a user display a chart in stack mode?

  • A. By using the stack command.
  • B. By turning on the Use Trellis Layout option.
  • C. By changing Stack Mode in the Format menu.
  • D. You cannot display a chart in stack mode, only a timechart.

Answer: C

NEW QUESTION 15

The eval command 'if' function requires the following three arguments (in order):

  • A. Boolean expression, result if true, result if false
  • B. Result if true, result if false, boolean expression
  • C. Result if false, result if true, boolean expression
  • D. Boolean expression, result if false, result if true

Answer: A

NEW QUESTION 16

Which of the following searches will show the number of categoryId used by each host?

  • A. Sourcetype=access_* |sum bytes by host
  • B. Sourcetype=access_* |stats sum(categoryId) by host
  • C. Sourcetype=access_* |sum(bytes) by host
  • D. Sourcetype=access_* |stats sum by host

Answer: B

NEW QUESTION 17

Which of the following can be used with the eval command tostring function? (select all that apply)

  • A. "hex"
  • B. "commas"
  • C. "Decimal"
  • D. "duration"

Answer: ABD

NEW QUESTION 18

When using the transaction command, what does the argument maxspan do?

  • A. Sets the maximum total time between events in a transaction.
  • B. Sets the maximum length of all events within a transaction.
  • C. Sets the maximum total time between the earliest and latest events in a transaction.
  • D. Sets the maximum length that any single event can reach to be included in the transaction.

Answer: B

NEW QUESTION 19

Which of the following are valid options to speed up reports? (Select all that apply.)

  • A. Edit permissions
  • B. Edit description
  • C. Edit acceleration
  • D. Edit schedule

Answer: C

NEW QUESTION 20

The gauge command:

  • A. creates a single-value visualization
  • B. allows you to set colored ranges for a single-value visualization
  • C. creates a radial gauge visualization

Answer: B

NEW QUESTION 21

Which group of users would most likely use pivots?

  • A. Users
  • B. Architects
  • C. Administrators
  • D. Knowledge Managers

Answer: D

NEW QUESTION 22

Which of the following knowledge objects represents the output of an eval expression?

  • A. Eval fields
  • B. Calculated fields
  • C. Field extractions
  • D. Calculated lookups

Answer: C

NEW QUESTION 23

Which of the following statements describes the command below? (select all that apply) sourcetype=access_combined | transaction JSESSIONID

  • A. An additional field named maxspan is created.
  • B. An additional field named duration is created.
  • C. An additional field named eventcount is created.
  • D. Events with the same JSESSIONID will be grouped together into a single event.

Answer: BCD

NEW QUESTION 24

Selected fields are displayed ______ each event in the search results.

  • A. below
  • B. interesting fields
  • C. other fields
  • D. above

Answer: A
