SPLK-1002 Splunk Exam Questions and Free Practice Test

- (Exam Topic 1)
Which of the following statements describe calculated fields? (select all that apply)

A. Calculated fields can be used in the search bar.

B. Calculated fields can be based on an extracted field.

C. Calculated fields can only be applied to host and sourcetype.

D. Calculated fields are shortcuts for performing calculations using the eval command.

Correct Answer:BD

- (Exam Topic 1)
What does the fillnull command replace null values with, it the value argument is not specified?

A. N/A

B. NaN

C. NULL

Correct Answer:A

- (Exam Topic 1)
Which of the following workflow actions can be executed from search results? (select all that apply)

A. GET

B. POST

C. LOOKUP

D. Search

Correct Answer:ABD

- (Exam Topic 1)
Selected fields are displayed ______ each event in the search results.

A. below

B. interesting fields

C. other fields

D. above

Correct Answer:A

- (Exam Topic 1)
What does the Splunk Common Information Model (CIM) add-on include? (select all that apply)

A. Custom visualizations

B. Pre-configured data models

C. Fields and event category tags

D. Automatic data model acceleration

Correct Answer:AC

- (Exam Topic 2)
Which is not a comparison operator in Splunk

A. <=

B. =

C. !=

D. >

E. ?=

Correct Answer:E

START SPLK-1002 EXAM