complete solution
What is the only writeable bucket type?
The hot bucket
By what filter are indexes divided into buckets?
By time
What are the 4 types of searches in Splunk (by performance)?
Dense, Sparse, Super Sparse, Rare
In searches, what is the scanCount?
The number of events scanned for that particular search
What are the requirements of the underlying search in order to get a multi-series
table?
The underlying search must use reporting search commands like chart or timechart
What are the seven chart types?
Line, Area, Column, Bar, Bubble, Scatter and Pie
What is a trait of scatter charts?
Can only show two dimensions. Shows trends in the relationship between discrete data
values
What is a trait of bubble charts?
Provides a visual way to view a three dimensional series
What are two commonly used clauses for chart?
over and by
What do the over and by clauses do when used with chart?
Divide the data into sub-groupings
(True/False) You can only split chart results over two dimensions
True
chart and timechart commands automatically filter results to include how many
values?
10
What happens to surplus resulting values of chart and timechart commands?
They are grouped into other
(True/False) Null values are not shown by default by chart and timechart
False
What is always the value on the x-axis for timechart?
_time
(True/False) Functions and arguments used with stats and chart can not be used
with timechart
False
(True/False) As with chart, it is possible to split timechart by two fields
False. It is only possible to split by one field
What is the argument for adjusting sampling interval of timechart?
span
What does the trendline command do?
allows you to overlay a computed moving average on a chart
What is the syntax of the trendline command?
trendline <trendtype><period>(field) [AS newfield]
What command can be used to look up and add location information to an event?
iplocation
What information does the iplocation command include?
city, country, region, latitude and longitude
What is the data-requirement for the geostats command?
Data must include latitude and longitude values
These arguments are used to control column counts when using the geostats
command
globallimit and locallimit
This command is used to compute statistical functions and render a cluster
map
geostats
What command can be used to show relative metrics for predefined geographic
regions?
geom
(True/False) A sparkline is an inline chart, that can be added to timechart
True
(True/False) Automatic totaling of every column can be done by using the
Format option
True
This command can be used to add total of all or selected fields
addtotals
The row option for addtotals does (if enabled)
create a column that contains numeric totals for each row
The column option for addtotals does (if enabled)
create a row that contains numeric totals for each column
What does the labelfield option for addtotals specify?
What field the label should be placed in (in general, this should be the leftmost and
first field)
The eval command can be used to
perform calculations, convert, round and format values, use conditional statements
This command allows you to calculate and manipulate field values in your report
eval
(True/False) Results of eval can be written to an existing field
True
What happens with a destination field value if the field is the same as the
resulting field of the eval command?
The field value gets overwritten by the resulting value outputted from the eval command
(True/False) Indexed data get modified after field values are overwritten by the
eval command.
False
This operator is used for concatenation
+.