Pass the Splunk Splunk Core Certified Power User SPLK-1002 Questions and answers with CertsForce

Viewing page 1 out of 10 pages
Viewing questions 1-10 out of questions
Questions # 1:

This function of the stats command allows you to identify the number of values a field has.

Options:

A. max
B. distinct_count
C. fields
D. count

Questions # 2:

Which of the following does not describe how to create an event type?

Options:

A. Run a search string and use the Save As button.
B. Use the New Event Type button from the Settings menu.
C. Use the Field Extractor to analyze and use the Save As button.
D. Select search criteria within the Event Type Builder.

Questions # 3:

What does the fillnull command replace null values with, if the value argument is not specified?

Options:

A. 0
B. N/A
C. NaN
D. NULL

Questions # 4:

Which of the following is true about the Splunk Common Information Model (CIM)?

Options:

A. The data models included in the CIM are configured with data model acceleration turned off.
B. The CIM contains 28 pre-configured datasets.
C. The CIM is an app that needs to run on the indexer.
D. The data models included in the CIM are configured with data model acceleration turned on.

Questions # 5:

Which of the following statements describes POST workflow actions?

Options:

A. Configuration of a POST workflow action includes choosing a sourcetype.
B. POST workflow actions can be configured to send email to the URI location.
C. By default, POST workflow actions are shown in both the event and field menus.
D. POST workflow actions can be configured to send POST arguments to the URI location.

Questions # 6:

Two separate results tables are being combined using the join command. The outer table has the following values:

The inner table has the following values:

Question # 6

The line of SPL used to join the tables is: join employeeNumber type=outer

How many rows are returned in the new table?

Options:

A. Three
B. Eight
C. Five
D. Zero

Questions # 7:

What is the Splunk Common Information Model (CIM)?

Options:

A. The CIM is a prerequisite that any data source must meet to be successfully onboarded into Splunk.
B. The CIM provides a methodology to normalize data from different sources and source types.
C. The CIM defines an ecosystem of apps that can be fully supported by Splunk.
D. The CIM is a data exchange initiative between software vendors.

Questions # 8:

A user wants a table that will show the total revenue made for each product in each sales region. Which would be the correct SPL query to use?

Options:

A. index=X sourcetype=Y | chart sum(product) by price AND region
B. index=X | chart sum(price) by product, region
C. index=X | chart total(product) over price by region
D. index=X | chart total(price) by product, region

Questions # 9:

This is what Splunk uses to categorize the data that is being indexed.

Options:

A. sourcetype
B. index
C. source
D. host

Questions # 10:

What other syntax will produce exactly the same results as | chart count over vendor_action by user?

Options:

A. | chart count by vendor_action, user
B. | chart count over vendor_action, user
C. | chart count by vendor_action over user
D. | chart count over user by vendor_action
