Notes: Hi all, Splunk Core Certified Power User SPLK-1002 Practice Exam Part 2 will familiarize you with the types of questions you may encounter on the certification exam and help you determine whether you are ready or need more preparation and/or experience. Successful completion of the practice exam does not guarantee you will pass the certification exam, as the actual exam is longer and covers a wider range of topics. We highly recommend that you take the Splunk Core Certified Power User SPLK-1002 Actual Exam because it includes real questions, and highlighted answers are collected in our exam. It will help you pass the exam more easily.
16. A data model consists of which three types of datasets?
A. Constraint, field, value.
B. Events, searches, transactions.
C. Field extraction, regex, delimited.
D. Transaction, session ID, metadata.
17. Where are the results of eval commands stored?
A. In a field.
B. In an index.
C. In a KV Store.
D. In a database.
18. Which of the following statements describe calculated fields? (Choose all that apply.)
A. Calculated fields can be used in the search bar.
B. Calculated fields can be based on an extracted field.
C. Calculated fields can only be applied to host and sourcetype.
D. Calculated fields are shortcuts for performing calculations using the eval command.
19. Calculated fields can be based on which of the following?
A. Tags
B. Extracted fields
C. Output fields for a lookup
D. Fields generated from a search string
20. When should transactions be used?
A. Only in a large distributed Splunk environment.
B. When calculating results from one or more fields.
C. When event grouping is based on start/end values.
D. When grouping events results in over 1000 events in each group.
21. When performing a regular expression (regex) field extraction using the Field Extractor (FX), what happens when the require option is used?
A. The regex can no longer be edited.
B. The field being extracted will be required for all future events.
C. The events without the required field will not display in searches.
D. Only events with the required string will be included in the extraction.
22. When using | timechart by host, which field is represented in the x-axis?
A. date
B. host
C. time
D. _time
23. Which of the following is the correct way to use the data model command to search fields in the Web data model within the Web dataset?
A. | datamodel Web Web search | fields Web*
B. | search datamodel Web Web | fields Web*
C. | datamodel Web Web fields | search Web*
D. datamodel=Web | search Web | fields Web*
24. Which of the following statements describe the command below? (Choose all that apply.)
sourcetype=access_combined | transaction JSESSIONID
A. An additional field named maxspan is created.
B. An additional field named duration is created.
C. An additional field named eventcount is created.
D. Events with the same JSESSIONID will be grouped together into a single event.
25. Which of the following searches will return events containing a tag named Privileged?
A. tag=Priv
B. tag=Priv*
C. tag=priv*
D. tag=privileged
26. Given the macro definition below, what should be entered into the Name and Arguments fields to correctly configure the macro?
A. The macro name is sessiontracker and the arguments are action, JESSIONID
B. The macro name is sessiontracker(2) and the arguments are action, JESSIONID.
C. The macro name is sessiontracker and the arguments are $action$, $JESSIONID$.
D. The macro name is sessiontracker(2) and the Arguments are $action$, $JESSIONID$.
27. What is required for a macro to accept three arguments?
A. The macro’s name ends with (3).
B. The macro’s name starts with (3).
C. The macro’s argument count setting is 3 or more.
D. Nothing, all macros can accept any number of arguments.
28. Which workflow action method can be used when the action type is set to link?
A. GET
B. PUT
C. Search
D. UPDATE
29. Which of the following statements about tags are true? (Choose all that apply.)
A. Tags are case-insensitive.
B. Tags are based on field/value pairs.
C. Tags categorize events based on a search.
D. Tags are designed to make data more understandable.
30. Which of the following statements about macros are true? (Choose all that apply.)
A. Arguments are defined at execution time.
B. Arguments are defined when the macro is created.
C. Argument values are used to resolve the search string at execution time.
D. Argument values are used to resolve the search string when the macro is created.