Cisco®
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL®
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk®
ServiceNow®
All Vendors
  2. Home
  3. Exams
  4. Splunk®
  5. SPLK-1002

SPLK-1002: Splunk Core Certified Power User
Free Practice Exam Questions (page: 8)
Updated On: 2-Jan-2026

Page 8 of 54
PDF with 210 Questions

Which of the following searches will return events containing a tag named Privileged?

  1. tag=Priv
  2. tag=Priv*
  3. tag=priv*
  4. tag=privileged

Answer(s): B


Reference:

https://docs.splunk.com/Documentation/PCI/4.1.0/Install/PrivilegedUserActivity



Given the macro definition below, what should be entered into the Name and Arguments fields to correctly configure the macro?

  1. The macro name is sessiontracker and the arguments are action, JESSIONID.
  2. The macro name is sessiontracker(2) and the arguments are action, JESSIONID.
  3. The macro name is sessiontracker and the arguments are $action$, $JESSIONID$.
  4. The macro name is sessiontracker(2) and the Arguments are $action$, $JESSIONID$.

Answer(s): B


Reference:

https://docs.splunk.com/Documentation/Splunk/8.0.3/Knowledge/Definesearchmacros



What is required for a macro to accept three arguments?

  1. The macro's name ends with (3).
  2. The macro's name starts with (3).
  3. The macro's argument count setting is 3 or more.
  4. Nothing, all macros can accept any number of arguments.

Answer(s): A



Which workflow action method can be used when the action type is set to link?

  1. GET
  2. PUT
  3. Search
  4. UPDATE

Answer(s): A


Reference:

https://docs.splunk.com/Documentation/Splunk/8.0.3/Knowledge/SetupaGETworkflowaction



Viewing page 8 of 54
Viewing questions 29 - 32 out of 210 questions



Post your Comments and Discuss Splunk® SPLK-1002 exam prep with other Community members:

SPLK-1002 Exam Discussions & Posts