SPLK-1002 Free Practice Test

- (Exam Topic 1)
When should you use the transaction command instead of the scats command?

1. A. When you need to group on multiple values.
2. B. When duration is irrelevant in search result
3. C. .
4. D. When you have over 1000 events in a transaction.
5. E. When you need to group based on start and end constraints.

Correct Answer: C

- (Exam Topic 1)
Which of the following are required to create a POST workflow action?

1. A. Label, URI, search string.
2. B. XMI attributes, URI, name.
3. C. Label, URI, post arguments.
4. D. URI, search string, time range picker.

Correct Answer: B

- (Exam Topic 1)
What does the transaction command do?

1. A. Groups a set of transactions based on time.
2. B. Creates a single event from a group of events.
3. C. Separates two events based on one or more values.
4. D. Returns the number of credit card transactions found in the event logs.

Correct Answer: B

- (Exam Topic 1)
A user wants to convert field values to string and also to sort on those value. Which command should be used first, the eval or the sort?

1. A. It doesn't matter whether eval or sort is used first.
2. B. Convert the numeric to a string with eval first, then sort.
3. C. Use sort first, then convert the numeric to a string with eval.
4. D. You cannot use the sort command and the eval command on the same field.

Correct Answer: B

- (Exam Topic 1)
Which of the following statements is true, especially in large environments?

1. A. Use the scats command when you next to group events by two or more fields.
2. B. The stats command is faster and more efficient than the transaction command
3. C. The transaction command is faster and more efficient than the stats command.
4. D. Use the transaction command when you want to see the results of a calculation.

Correct Answer: B