SPLK-1002 Exam Questions

Total 128 Questions

Last Updated Exam: 16-Dec-2024

Topic 1 : Main Questions

Which of the following statements is true, especially in large environments?


A.

Use the stats command when you need to group events by two or more fields.


B.

The stats command is faster and more efficient than the transaction command.


C.

The transaction command is faster and more efficient than the stats command.


D.

Use the transaction command when you want to see the results of a calculation.





C.
  

The transaction command is faster and more efficient than the stats command.



Which of the following statements describe the Common Information Model (CIM)? (select all that apply)


A.

CIM is a methodology for normalizing data.


B.

CIM can correlate data from different sources.


C.

The Knowledge Manager uses the CIM to create knowledge objects.


D.

CIM is an app that can coexist with other apps on a single Splunk deployment.





C.
  

The Knowledge Manager uses the CIM to create knowledge objects.



In which of the following scenarios is an event type more effective than a saved search?


A.

When a search should always include the same time range.


B.

When a search needs to be added to other users' dashboards.


C.

When the search string needs to be used in future searches.


D.

When formatting needs to be included with the search string.





D.
  

When formatting needs to be included with the search string.



Given the macro definition below, what should be entered into the Name and Arguments fields to correctly configure the macro?



A.

The macro name is sessiontracker and the arguments are action, JESSION.


B.

The macro name is sessiontracker (2) and the action JESSIONID


C.

The macro name is sessiontracker and the arguments are sectional ,$ JESSIONIDS.


D.

The macro name is sessiontracker (2) and the arguments are $action ,$JESSIONIDS





B.
  

The macro name is sessiontracker (2) and the action JESSIONID



Which of the following is the correct way to use the datamodel command to search fields in the data model within the web dataset?


A.

| datamodel web search | fields web*


B.

| search datamodel web web | fields web*


C.

| datamodel web web fields | search web*


D.

datamodel=web | search web | fields web*





A.
  

| datamodel web search | fields web*



After manually editing a regular expression (regex), which of the following statements is true?


A.

Changes made manually can be reverted in the Field Extractor (FX) UI.


B.

It is no longer possible to edit the field extraction in the Field Extractor (FX) UI.


C.

It is not possible to manually edit a regular expression (regex) that was created using the Field Extractor
(FX) UI.


D.

The Field Extractor (FX) UI keeps its own version of the field extraction in addition to the one that was
manually edited.





D.
  

The Field Extractor (FX) UI keeps its own version of the field extraction in addition to the one that was
manually edited.



When performing a regular expression (regex) field extraction using the Field Extractor (FX), what happens
when the require option is used?


A.

The regex can no longer be edited.


B.

The field being extracted will be required for all future events.


C.

The events without the required field will not display in searches.


D.

Only events with the required string will be included in the extraction.





D.
  

Only events with the required string will be included in the extraction.



Which one of the following statements about the search command is true?


A.

It does not allow the use of wildcards.


B.

It treats field values in a case-sensitive manner.


C.

It can only be used at the beginning of the search pipeline.


D.

It behaves exactly like search strings before the first pipe.





C.
  

It can only be used at the beginning of the search pipeline.



Which of the following searches will return events containing a tag named Privileged?


A.

Tag= Priv


B.

Tag= Priv*


C.

Tag= Priv*


D.

Tag= Privileged





D.
  

Tag= Privileged



Which of the following eval command functions is valid?


A.

Int ()


B.

Count ( )


C.

Print ()


D.

Tostring ()





D.
  

Tostring ()



