splunk exam 2
Which of the following statement about tags is true? (Select all that apply). - Answer
Tags are based on field/value pairs.
Tags are designed to make data more understandable
When using the timechart command, how can a user group the events into buckets
based on time? - Answer
Which are valid ways to create an event type? (select all that apply). - Answer By going
on the settings menu and clicking event types > New
By selecting an event in search results and clicking event action > Built Event Type
Which of the following statements describe marcos? - Answer A marco is reusable
search string that must contain only a portion of a search.
A user wants to create a new field alias for a field that appears in two sourcetypes. How
many field aliases need to be created? - Answer Two
When creating a search workflow action, which field is required? - Answer Search
string.
What is a limitation of searches generated by workflow action? - Answer Searches
generated by workflow action run with the same permissions as a user running them.
What does the transactions command do? - Answer Groups a set of transactions based
on time.
When performing a regular expression (regex) field extraction using the Field Extractor
(FX), what happens when the require option is used? - Answer Only events which
required string will be included in the extraction.
Which of the following accurate about building a visualization? - Answer There is a wide
variety of visualization types (e.g. static table, line table, pie chart, etc.).
Which of the following statement describe the command below? (select all that apply)
sourcetype=access_ combined | transaction JSESSIONID. - Answer An additional field
named duration is created.
An additional field named eventcount is created.
Events with the same JSESSIONID will be grouped together into a single event.
Information needed to create a GET workflow action includes which of the following?
( select all that apply). - Answer A URL where the user will be directed at search time.
A label that will appear in the Event Action menu at search time.
, What other syntax will produce exactly the same results as | chart count over
vendor_action by user? - Answer Chart count by vendor_action, user.
Which of the following statements describes POST workflow actions? - Answer POST
workflow actions can be configured to send POST arguments to the URI location.
Which delimiters can the Field Extractor (FX) detect? (select all that apply). - Answer
Tabs
Pipes
Space
Commas
In what order are the following knowledge objects/configurations applied? - Answer
Field Extractions, Field Aliases, Lookups
When is a GET workflow action needed? - Answer To send field values to an external
resource.
Which of the following can be used with the evil command tostring function? (select all
that apply) - Answer "hex"
"comma's"
" duration"
What information must be included when using the datamodel command? - Answer
Data model dataset name
Data models fields can be added using the Auto-Extracted method. Which of the
following statements describe Auto-Extracted fields. - Answer Auto-Extracted fields can
be given a friendly name for use in pivot.
What is the correct Syntax to search for a tag associated with a value on a specific
field? - Answer tag ::< field>=< tagname>
When using the Field Extractor (FX), which of the following delimiter will work? (select
all that apply). - Answer Tabs
Pipes
Colons
Spaces
When should transaction be used? - Answer When event grouping is based on start/end
values.
The Field Extractor (FX) is used to extract a custom field. A report can be created using
the custom field. The created report can then be shared with other people in the
organization. If another person in the organization run the shared report and no results
are returned, why might this be? (select all that apply). - Answer Fast mode is enabled.
Which of the following statement about tags is true? (Select all that apply). - Answer
Tags are based on field/value pairs.
Tags are designed to make data more understandable
When using the timechart command, how can a user group the events into buckets
based on time? - Answer
Which are valid ways to create an event type? (select all that apply). - Answer By going
on the settings menu and clicking event types > New
By selecting an event in search results and clicking event action > Built Event Type
Which of the following statements describe marcos? - Answer A marco is reusable
search string that must contain only a portion of a search.
A user wants to create a new field alias for a field that appears in two sourcetypes. How
many field aliases need to be created? - Answer Two
When creating a search workflow action, which field is required? - Answer Search
string.
What is a limitation of searches generated by workflow action? - Answer Searches
generated by workflow action run with the same permissions as a user running them.
What does the transactions command do? - Answer Groups a set of transactions based
on time.
When performing a regular expression (regex) field extraction using the Field Extractor
(FX), what happens when the require option is used? - Answer Only events which
required string will be included in the extraction.
Which of the following accurate about building a visualization? - Answer There is a wide
variety of visualization types (e.g. static table, line table, pie chart, etc.).
Which of the following statement describe the command below? (select all that apply)
sourcetype=access_ combined | transaction JSESSIONID. - Answer An additional field
named duration is created.
An additional field named eventcount is created.
Events with the same JSESSIONID will be grouped together into a single event.
Information needed to create a GET workflow action includes which of the following?
( select all that apply). - Answer A URL where the user will be directed at search time.
A label that will appear in the Event Action menu at search time.
, What other syntax will produce exactly the same results as | chart count over
vendor_action by user? - Answer Chart count by vendor_action, user.
Which of the following statements describes POST workflow actions? - Answer POST
workflow actions can be configured to send POST arguments to the URI location.
Which delimiters can the Field Extractor (FX) detect? (select all that apply). - Answer
Tabs
Pipes
Space
Commas
In what order are the following knowledge objects/configurations applied? - Answer
Field Extractions, Field Aliases, Lookups
When is a GET workflow action needed? - Answer To send field values to an external
resource.
Which of the following can be used with the evil command tostring function? (select all
that apply) - Answer "hex"
"comma's"
" duration"
What information must be included when using the datamodel command? - Answer
Data model dataset name
Data models fields can be added using the Auto-Extracted method. Which of the
following statements describe Auto-Extracted fields. - Answer Auto-Extracted fields can
be given a friendly name for use in pivot.
What is the correct Syntax to search for a tag associated with a value on a specific
field? - Answer tag ::< field>=< tagname>
When using the Field Extractor (FX), which of the following delimiter will work? (select
all that apply). - Answer Tabs
Pipes
Colons
Spaces
When should transaction be used? - Answer When event grouping is based on start/end
values.
The Field Extractor (FX) is used to extract a custom field. A report can be created using
the custom field. The created report can then be shared with other people in the
organization. If another person in the organization run the shared report and no results
are returned, why might this be? (select all that apply). - Answer Fast mode is enabled.
