SPLK-1002 Free Practice Test

- (Exam Topic 1)
A space is an implied _____ in a search string.

1. A. OR
2. B. AND
3. C. ()
4. D. NOT

Correct Answer: B

- (Exam Topic 1)
A field alias has been created based on an original field. A search without any transforming commands is then executed in Smart Mode. Which field name appears in the results?

1. A. Both will appear in the All Fields list, but only if the alias is specified in the search.
2. B. Both will appear in the Interesting Fields list, but only if they appear in at least 20 percent of events.
3. C. The original field only appears in All Fields list and the alias only appears in the Interesting Fields list.
4. D. The alias only appears in the All Fields list and the original field only appears in the Interesting Fields list.

Correct Answer: B

- (Exam Topic 1)
Which delimiters can the Field Extractor (FX) detect? (select all that apply)

1. A. Tabs
2. B. Pipes
3. C. Spaces
4. D. Commas

Correct Answer: ABCD

- (Exam Topic 1)
Which of the following statements describes this search? sourcetype=access_combined I transaction JSESSIONID | timechart avg (duration)

1. A. This is a valid search and will display a timechart of the average duration, of each transaction event.
2. B. This is a valid search and will display a stats table showing the maximum pause among transactions.
3. C. No results will be returned because the transaction command must include the startswith and endswith options.
4. D. No results will be returned because the transaction command must be the last command used in the search pipeline.

Correct Answer: A

- (Exam Topic 1)
Which of the following file formats can be extracted using a delimiter field extraction?

1. A. CSV
2. B. PDF
3. C. XML
4. D. JSON

Correct Answer: A