Splunk Core Certified Power User*
(2022/2023) Graded A+
A calculated field may be based on which of the following?
A. Lookup tables
B. Extracted fields
C. Regular expressions
D. Fields generated within a search string
✔✔B. Extracted fields
Which are valid ways to create an event type? (select all that apply)
A. By using the searchtypes command in the search bar.
B. By editing the event_type stanza in the props.conf file.
C. By going to the Settings menu and clicking Event Types > New.
D. By selecting an event in search results and clicking Event Actions > Build Event Type.
✔✔C. By going to the Settings menu and clicking Event Types > New.
D. By selecting an event in search results and clicking Event Actions > Build Event Type.
Which of the following statements describe the search string below?
| datamodel Application_State All_Application_State search
A. Events will be returned from dataset named Application_state.
B. Events will be returned from the data model named Application_State.
C. Events will be returned from the data model named All_Application_state.
D. No events will be returned because the pipe should occur after the datamodel command
✔✔C. Events will be returned from the data model named All_Application_state.
What is required for a macro to accept three arguments?
A. The macro's name ends with (3).
B. The macro's name starts with (3).
C. The macro's argument count setting is 3 or more.
D. Nothing, all macros can accept any number of arguments.
✔✔A. The macro's name ends with (3).
Which of the following actions can the eval command perform?
A. Remove fields from results.
B. Create or replace an existing field.
C. Group transactions by one or more fields.
D. Save SPL commands to be reused in other searches.
✔✔B. Create or replace an existing field.
The Field Extractor (FX) is used to extract a custom field. A report can be created using this
custom field. The created report can then be shared with other people in the organization. If
another person in the organization runs the shared report and no results are returned, why might
this be? (select all that apply)
A. Fast mode is enabled.
B. The dashboard is private.
C. The extraction is private
D. The person in the organization running the report does not have access to the i