Splunk SPLK-1002 Practice Exams
Last updated on Apr 01,2025- Exam Code: SPLK-1002
- Exam Name: Splunk Core Certified Power User
- Certification Provider: Splunk
- Latest update: Apr 01,2025
In the Field Extractor Utility, this button will display events that do not contain extracted fields.
Select your answer.
- A . Selected-Fields
- B . Non-Matches
- C . Non-Extractions
- D . Matches
Which of the following is included with the Common Information Model (CIM) add-on?
- A . Search macros
- B . Event category tags
- C . Workflow actions
- D . tsidx files
Which workflow action type performs a secondary search?
- A . POST
- B . Drilldown
- C . GET
- D . Search
To create a tag, which of the following conditions must be met by the user?
- A . Identify at least one field:value pair.
- B . Have the Power role at a minimum.
- C . Be able to edit the sourcetype the tag applies to.
- D . Must have the tag capability associated with their user role.
When can a pipe follow a macro?
- A . A pipe may always follow a macro.
- B . The current user must own the macro.
- C . The macro must be defined in the current app.
- D . Only when sharing is set to global for the macro.
How is a macro referenced in a search?
- A . By using the macroname command.
- B . By using the macro command.
- C . By enclosing the macro name in backtick characters (‘).
- D . By enclosing the macro name in single-quote characters (‘).
Which of these stats commands will show the total bytes for each unique combination of page and server?
- A . index=web | stats sum (bytes) BY page BY server
- B . index=web | stats sum (bytes) BY page server
- C . index=web | stats sum(bytes) BY page AND server
- D . index=web | stats sum(bytes) BY values (page) values (server)
For choropleth maps,splunk ships with the following KMZ files (select all that apply)
- A . States of the United States
- B . States and provinces of the united states and Canada
- C . Countries of the European Union
- D . Countries of the World
A field alias has been created based on an original field. A search without any transforming commands is then executed in Smart Mode.
Which field name appears in the results?
- A . Both will appear in the All Fields list, but only if the alias is specified in the search.
- B . Both will appear in the Interesting Fields list, but only if they appear in at least 20 percent of events.
- C . The original field only appears in All Fields list and the alias only appears in the Interesting Fields list.
- D . The alias only appears in the All Fields list and the original field only appears in the Interesting Fields list.
The time range specified for a historical search defines the ____________.
- A . Amount of data shown on the timeline as data streams in
- B . Amount of data fetched from index matching that time range
- C . Time range for the static results