Topic 1 - Single Topic
Question #1
Which one of the following statements about the search command is true?
A. It does not allow the use of wildcards.
B. It treats field values in a case-sensitive manner.
C. It can only be used at the beginning of the search pipeline.
D. It behaves exactly like search strings before the first pipe.
Correct Answer: D
Reference:
https://docs.splunk.com/Documentation/SplunkCloud/8.0.2003/Search/Usethesearchcommand
oksey Highly Voted 1 year, 1 month ago
The Correct Ans is D
upvoted 9 times
Dracula666 Most Recent 1 month, 2 weeks ago
The correct answer is D. Slide 115
upvoted 1 times
leonmflai4exam 9 months, 3 weeks ago
P.115 of F2. Behaves exactly like the search strings before the first pipe
upvoted 4 times
sid2051 1 year, 1 month ago
D is correct
upvoted 2 times
10/27/21, 1:18 PM SPLK-1002 Exam – Free Actual Q&As, Page 1 | ExamTopics
Question #2
Which of the following actions can the eval command perform?
A. Remove fields from results.
B. Create or replace an existing field.
C. Group transactions by one or more fields.
D. Save SPL commands to be reused in other searches.
Correct Answer: B
cthulhu 3 weeks, 6 days ago
B is correct. Reference: https://docs.splunk.com/Documentation/Splunk/8.2.2/SearchReference/Eval
upvoted 1 times
Dracula666 1 month, 2 weeks ago
Answer B.
Slide 97 Results of eval written to either new or existing field you specify. If the destination field exists,
result of eval
upvoted 1 times
Nanila 7 months, 3 weeks ago
It's B
upvoted 2 times
RyanDST 8 months, 2 weeks ago
"A" should be incorrect, "eval" can create or replace fields, but not remove.
upvoted 2 times
leonmflai4exam 9 months, 3 weeks ago
Is "A" True also?
upvoted 1 times
muraliecm 10 months ago
Is "A" true?
upvoted 2 times
ggfsplunk 11 months, 2 weeks ago
"B" is also true.
upvoted 1 times
sid2051 1 year, 1 month ago
B is correct
upvoted 2 times
Shabhi16 1 year, 1 month ago
B is true
Question #3
When can a pipe follow a macro?
A. A pipe may always follow a macro.
B. The current user must own the macro.
C. The macro must be defined in the current app.
D. Only when sharing is set to global for the macro.
Correct Answer: A
[Removed] Highly Voted 11 months, 1 week ago
A
Fund 2 - P.212: Using a basic macro - Pipe to more commands, or precede with a search string
upvoted 9 times
cthulhu Most Recent 3 weeks, 6 days ago
The answer is A. Additional reference found here: https://books.google.com.mx/books?
id=Ut18DwAAQBAJ&pg=PA173&lpg=PA173&dq=use+a+pipe+after+a+macro+splunk&source=bl&o
SmHkFbavFyVeV3zw&hl=en&sa=X&ved=2ahUKEwiU077T_6TzAhVzkGoFHaQBAsoQ6AF6BAgQEAM#v=
0a%20macro%20splunk&f=false
upvoted 1 times
mikey_76 1 month, 3 weeks ago
The answer is A, but the wording of B, C and D makes it sound like the question is asking "WHO can use
upvoted 1 times
leonmflai4exam 10 months ago
Should it be A? since this question is asking for when will "pipe" be placed
upvoted 2 times
muraliecm 10 months ago
"The macro must be defined in the current app"
upvoted 1 times
TeeCeeP 11 months, 1 week ago
I am thinking A. Nothing found anywhere?
upvoted 3 times
rishbah 1 year ago
Correct answer is C
upvoted 3 times
jiaminyun 8 months ago
C, why?
upvoted 1 times
Question #4
Data models are composed of one or more of which of the following datasets? (Choose all that apply.)
A. Events datasets
B. Search datasets
C. Transaction datasets
D. Any child of event, transaction, and search datasets
Correct Answer: ABC
Reference:
https://docs.splunk.com/Documentation/Splunk/8.0.3/Knowledge/Aboutdatamodels
Glat Highly Voted 10 months, 1 week ago
Answer is ABC,
See p231 of F2
upvoted 13 times
DeltaPotato 2 months, 3 weeks ago
Test appears to be based off of the 7.x materials provided in Fund 2. Just finished class (July 2021). C
only lists ABC.
upvoted 3 times
Powdered_Sugar Highly Voted 10 months, 4 weeks ago
I'm pretty sure all four of them are correct. The about data models page lists four types of datasets:
Event datasets,
Search datasets,
Transaction datasets,
Child datasets
https://docs.splunk.com/Documentation/Splunk/8.1.0/Knowledge/Aboutdatamodels
upvoted 10 times
krishdee 5 months, 3 weeks ago
How to create a child dataset for a Search dataset?
upvoted 1 times
currotron 6 months, 2 weeks ago
It's true! Datasets break down into four types. These types are: Event datasets, search datasets, trans
Ref.: https://docs.splunk.com/Documentation/Splunk/8.0.3/Knowledge/Aboutdatamodels
upvoted 1 times
Liberatus 10 months, 3 weeks ago
You are correct
upvoted 4 times