In automatic lookup definitions, the            fields are those that are not in the event dat a.

A.

input

B.

output

What is the correct order of steps for creating a new lookup?

1. Configure the lookup to run automatically
2. Create the lookup table
3. Define the lookup

A.

2, 1, 3

B.

1, 2, 3

C.

2, 3, 1

D.

1. 3, 2, 1

The command shown here does witch of the following: Command: |outputlookup products.csv

A.

Writes search results to a file named products.csv

B.

Returns the contents of a file named products.csv

Which of the following are not true about lookups? (Select all that apply.)

A.

Lookups can be time based

B.

Search results can be used to populate a lookup table

C.

Splunk DB Connect can be used to populate a lookup table from relational databases

D.

Output from a script can be used to populate a lookup table

E.

Lookup have a 10mg maximum size limit

Lookups allow you to overwrite your raw event.

A.

True

B.

False

It is mandatory for the lookup file to have this for an automatic lookup to work.

A.

Source type

B.

At least five columns

C.

Timestamp

D.

Input filed

By default, all users have DELETE permission to ALL knowledge objects.

A.

True

B.

False

These users can create global knowledge objects. (Select all that apply.)

A.

users

B.

power users

C.

administrators

All users by default have WRITE permission to ALL knowledge objects.

A.

.True

B.

False

Creating Data Models:

Object ATTRIBUTES do not define                        .

A.

a base search for the object

B.

fields for the object