Splunk Core Certified Power User SPLK-1002 Full Course Free

Splunk Core Certified Power User Exam Questions and Answers

Question 13

When should transaction be used?

Options:

Only in a large distributed Splunk environment.

When calculating results from one or more fields.

When event grouping is based on start/end values.

When grouping events results in over 1000 events in each group.

Question 14

When using multiple expressions in a single eval command, which delimiter is used?

Options:

, (comma)

I (pipe)

/ (forward slash)

: (colon)

Question 15

Which of the following describes this search?

New Search

'third_party_outages(EMEA,-24h)'

Options:

This search will find all events for the third_party_outages event type that have "EMEA" or "-24h" in the raw event data.

This search will run the third_party_outages saved search and filter for events containing "EMEA" and "-24h" in the raw event data.

This search will run the third_party_outages macro and pass the arguments EMEA and -24h to the macro definition.

This search will find all events in the third_party_outages index with the tags EMEA and -24h.

Question 16

A Splunk app is configured to extract domain names in web service logs and specify them as a field named domain.

What workflow action would return an external IP lookup for the field named domain?

Options:

POST

PUT

GET

Weekend Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Splunk Core Certified Power User SPLK-1002 Full Course Free

Splunk Core Certified Power User Exam Questions and Answers

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

CompTIA

Fortinet

Microsoft

Salesforce