Selected fields are displayed ________ each event in the results.
a. below
b. interesting fields
c. other fields
d. above - Answer a. below
Search terms are not case sensitive. (T/F) - Answer True
These two searches will NOT return the same results.
SEARCH 1: login failure SEARCH 2: "login failure" (T/F) - Answer True
A space is implied ______________ in a search string.
a. OR
b. AND
c. ()
d. NOT - Answer b. AND
You cannot specify a relative time range, such as 45 seconds ago, for a search. (T/F) - Answer False
To use field value data from an event in a Workflow Action, we need to:
a. Create tags for the fields.
b. Select the GET method.
c. Wrap the field in dollar signs. - Answer c. Wrap the field in dollar signs.
This Workflow Action type sends field values to external resources.
a. POST
b. GET
c. Search - Answer a. POST
Workflow Actions can only be applied to a single field.
FALSE
TRUE - Answer False
Hidden fields in a data model:
a. will not be displayed to a Pivot user, but can be used to define other datasets
b. will not be displayed in the dataset editor
c. will be displayed to a Pivot user that has permissions to the field - Answer a. will not be displayed to a Pivot user, but can be used to define other datasets
_____ datasets can be added to a root dataset to narrow down the search.
a. event
b. child
c. parent
d. extracted - Answer b. child
Which of these are NOT Data Model dataset types:
a. Searches
b. Events
c. Transactions
d. Lookups - Answer d. Lookups
You can normalize data for CIM use:
Select all that apply.
a. Using Knowledge Objects.
b. At index time.
c. Only after adding the CIM Add-on. - Answer a. Using Knowledge Objects. b. At index time.
By default, data models in the CIM Add-on will search across all indexes.
FALSE
TRUE - Answer True
The CIM Add-on indexes extra data and will affect license usage.
FALSE
TRUE - Answer False
How many results are shown by default when using a Top or Rare Command? - Answer 10
Warm buckets in Splunk indexes are named by:
a. the timestamps of first and last event in the bucket
b. a naming convention the administrator determines
c. the server that sent the events - Answer a. the timestamps of first and last event in the bucket