Splunk SPLK-1002 Practice Exams
Last updated on Apr 07, 2025
- Exam Code: SPLK-1002
- Exam Name: Splunk Core Certified Power User
- Certification Provider: Splunk
Which of these is NOT a field that is automatically created with the transaction command?
- A . maxcount
- B . duration
- C . eventcount
Consider the following search: index=web sourcetype=access_combined
The log shows several events that share the same jsessionid value (sd497k117o2f098). View the events as a group.
From the following list, which search groups events by JSESSIONID?
- A . index=web sourcetype=access_combined | transaction JSESSIONID | search SD497K117O2F098
- B . index=web sourcetype=access_combined JSESSIONID <sd497k117o2f098>
- C . index=web sourcetype=access_combined | highlight JSESSIONID | search SD497K117O2F098
- D . index=web sourcetype=access_combined SD497K117O2F098 | table JSESSIONID
Which of the following is true about data model attributes?
- A . They cannot be created within the data model.
- B . They can only be added into a root search dataset.
- C . They cannot be edited if inherited from a parent dataset.
- D . They can be added to a dataset from search time field extractions.
Based on the macro definition shown below, what is the correct way to execute the macro in a search string?
- A . Convert_sales (euro, , 79)”
- B . Convert_sales (euro, , .79)
- C . Convert_sales ($euro, $$, s79$
- D . Convert_sales ($euro, $$, S,79$)
Which of the following statements about tags is true?
- A . Tags are case insensitive.
- B . Tags are created at index time.
- C . Tags can make your data more understandable.
- D . Tags are searched by using the syntax tag:: <fieldname>
Which of the following is true about data sets used in the Pivot tool?
- A . They can only be created from data models.
- B . They can only be created by users with the Admin role.
- C . They can only be created from summary indexes.
- D . They can only be created from saved reports.
Select this in the fields sidebar to automatically pipe your search results to the rare command:
- A . events with this field
- B . rare values
- C . top values by time
- D . top values
When used with the timechart command, which value of the limit argument returns all values?
- A . limit=*
- B . limit=all
- C . limit=none
- D . limit=0
Which search would limit an "alert" tag to the "host" field?
- A . tag=alert
- B . host::tag::alert
- C . tag==alert
- D . tag::host=alert
Which of the following eval command functions is valid?
- A . Int ()
- B . Count ()
- C . Print ()
- D . Tostring ()