SPLK-1002試験無料問題集（299題）「Splunk Core Certified Power User 認定」

出題：1

A field alias has been created based on an original field. A search without any transforming commands is then executed in Smart Mode. Which field name appears in the results?

A. The original field only appears in All Fields list and the alias only appears in the Interesting Fields list.

B. Both will appear in the All Fields list, but only if the alias is specified in the search.

C. The alias only appears in the All Fields list and the original field only appears in the Interesting Fields list.

D. Both will appear in the Interesting Fields list, but only if they appear in at least 20 percent of events.

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：2

Which of the following Statements about macros is true? (select all that apply)

A. Argument values are used to resolve the search string at execution time.

B. Arguments are defined when the macro is created.

C. Argument values are used to resolve the search string when the macro is created.

D. Arguments are defined at execution time.

正解：A,B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：3

Which of the following definitions describes a macro named "samplemacro" that accepts two arguments?

A. samplemacro[2]

B. samplemacro(1,2)

C. u amp -CJEUCXG (2)

D. Examplemacro [1,2]

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：4

Which of the following is true about data sets used in the Pivot tool?

A. They can only be created from data models.

B. They can only be created by users with the Admin role.

C. They can only be created from summary indexes.

D. They can only be created from saved reports.

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：5

When using the eval command, which of these characters can be used to concatenate a string and a number into a single value?

A. . (period)

B. - (tilde)

C. & (ampersand)

D. + (plus)

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：6

Which syntax will find events where the values for the 1 field match the values for the Renewal-MonthYear field?
| where 10yearAnnerversary=Renewal-MonthYear
| where '10yearAnnerversary=Renewal-MonthYear
| where 10yearAnnerversary='Renewal-MonthYear'
| where '10yearAnnerversary'='Renewal-MonthYear'

正解：

where 10yearAnnerversary=Renewal-MonthYear.
The where command is used to filter the search results based on an expression that evaluates to true or false. The where command can compare two fields, two values, or a field and a value. The where command can also use functions, operators, and wildcards to create complex expressions1.
The syntax for the where command is:
| where <expression>
The expression can be a comparison, a calculation, a logical operation, or a combination of these. The expression must evaluate to true or false for each event.
To compare two fields with the where command, you need to use the field names without any quotation marks. For example, if you want to find events where the values for the 10yearAnnerversary field match the values for the Renewal-MonthYear field, you can use the following syntax:
| where 10yearAnnerversary=Renewal-MonthYear
This will return only the events where the two fields have the same value.
The other options are not correct because they use quotation marks around the field names, which will cause the where command to interpret them as string values instead of field names. For example, if you use:
| where '10yearAnnerversary'='Renewal-MonthYear'
This will return no events because there are no events where the string value '10yearAnnerversary' is equal to the string value 'Renewal-MonthYear'.
Explanation:
The correct answer is
Reference:
where command usage

出題：7

When using multiple expressions in a single eval command, which delimiter is used?

A. I (pipe)

B. : (colon)

C. / (forward slash)

D. , (comma)

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：8

Which of the following is the correct way to use the data model command to search field in the data model within the web dataset?

A. | datamodel web web field | search web*

B. Datamodel=web | search web | filed web*

C. | datamodel web search | filed web *

D. | Search datamodel web web | filed web*

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：9

When using | timechart by host, which field is represented in the x-axis?

A. time

B. _time

C. host

D. date

正解：B 解答を投票する

出題：10

Which of the following searches will return all clientip addresses that start with 108?

A. ... | search clientip=108

B. ... | where like (clientip, "108.% )

C. ... | where (clientip=108. % )

D. ... | where (clientip, "108. %")

正解：B 解答を投票する

出題：11

For the following search, which field populates the x-axis?
index=security sourcetype=linux secure | timechart count by action

A. time

B. source type

C. _time

D. action

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：12

When using the timechart command, what optional argument is used to specify the interval of _time?

A. by

B. bin

C. span

D. over

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：13

When using the Field Extractor (FX) to perform a field extraction, which delimiter can be used?

A. Any consistent character.

B. A period or comma.

C. A comma.

D. A tab or space.

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

SPLK-1002試験無料問題集「Splunk Core Certified Power User 認定」