EVALUATION 2026 EXAM Q&A STUDY SHEET
◉Which one of these is not a stats function?
A) Count
B) Avg
C) Addtotals
D) List
E) Sum. Answer: C) Addtotals
◉To display the most common values in a specific field, what
command would you use?
A) top
B) all
C) table
D) rare. Answer: A) top
◉Which clause would you use to rename the count field?
sourcetype=vendor* | stats count __________ "Units Sold"
A) rename
B) to
C) as
D) show. Answer: C) as
◉How many results are shown by default when using a Top or Rare
Command? Answer: 10
◉Which stats function would you use to find the average value of a
field? Answer: average (or avg)
◉If a search returns this, you can view the results as a *chart*.
A) A list.
B) Statistical values
C) Time limits.
D) Numbers. Answer: B) Statistical values
◉T/F:
A time range picker can be included in a report. Answer: True
◉These roles can create reports:
*(Select all that apply.)*
A) Admin
B) User
C) Power. Answer: A) Admin
B) User
C) Power
◉In a dashboard, a time range picker will only work on panels that
include a(n) __________ search.
A) transforming
B) inline
C) visualization
D) accelerated. Answer: B) inline
◉T/F:
The User role cannot create reports. Answer: False
◉Adding child data model objects is like the ______ operator in the
Splunk search language.
A) NOT
B) AND
C) OR. Answer: B) AND
◉T/F:
Pivots cannot be saved as reports panels. Answer: False
◉The instant pivot button is displayed in the statistics and
visualization tabs when a _______ search is run.
A) transforming
B) non-transforming. Answer: B) non-transforming
◉These are knowledge objects that provide the data structure for
pivot.
A) Alerts