Free SPLK-1002 Exam Braindumps (page: 12)


When using timechart, how many fields can be listed after a by clause? (Choose two.)

  1. because timechart doesn't support using a by clause.
  2. because _time is already implied as the x-axis.
  3. because one field would represent the x-axis and the other would represent the y-axis.
  4. There is no limit specific to timechart.

Answer(s): B,D



To identify all of the contributing events within a transaction that contains at least one REJECT event, which syntax is correct?

  1. Index-main | REJECT trans sessionid
  2. Index-main | transaction sessionid | search REJECT
  3. Index=main | transaction sessionid | whose transaction=reject
  4. Index=main | transaction sessionid | where transaction=reject''

Answer(s): D



Which of the following statements about data models and pivot are true? (select all that apply)

  1. They are both knowledge objects.
  2. Data models are created out of datasets called pivots.
  3. Pivot requires users to input SPL searches on data models.
  4. Pivot allows the creation of data visualizations that present different aspects of a data model.

Answer(s): B,D



Which of the following statements describes Search workflow actions?

  1. By default, Search workflow actions will run as a real-time search.
  2. Search workflow actions can be configured as scheduled searches.
  3. The user can define the time range of the search when creating the workflow action.
  4. Search workflow actions cannot be configured with a search string that includes the transaction command.

Answer(s): C





