SPLK-1002 Free Practice Test

- (Exam Topic 1)
Calculated fields can be based on which of the following?

1. A. Tags
2. B. Extracted fields
3. C. Output fields for a lookup
4. D. Fields generated from a search string

Correct Answer: B
Reference: https://docs.splunk.com/Documentation/Splunk/8.0.3/Knowledge/definecalcfields
A calculated field is a field that you create based on the value of another field or fields1. You can use calculated fields to enrich your data with additional information or to transform your data into a more useful format1. Calculated fields can be based on extracted fields, which are fields that are extracted from your raw data using various methods such as regular expressions, delimiters, or key-value pairs1. Therefore, option B is correct, while options A, C and D are incorrect because tags, output fields for a lookup, and fields generated from a search string are not types of extracted fields.

- (Exam Topic 2)
Which of the following searches will return events containing a tag named Privileged?

1. A. tag=Priv
2. B. tag=Priv*
3. C. tag=priv*
4. D. tag=privileged

Correct Answer: B
The tag=Priv* search will return events containing a tag named Privileged, as well as any other tag that starts with Priv. The asterisk (*) is a wildcard character that matches zero or more characters. The other searches will not match the exact tag name.

- (Exam Topic 2)
Consider the the following search run over a time range of last 7 days: index=web sourcetype=access_conbined | timechart avg(bytes) by product_nane
Which option is used to change the default time span so that results are grouped into 12 hour intervals?

1. A. span=12h
2. B. timespan=12h
3. C. span=12
4. D. timespan=12

Correct Answer: A
The span option is used to specify the time span for the timechart command. The span value can be a number followed by a time unit, such as h for hour, d for day, w for week, etc. The span value determines how the data is grouped into time buckets. For example, span=12h means that the data is grouped into 12-hour intervals. The timespan option is not a valid option for the timechart command2
1: Splunk Core Certified Power User Track, page 9. 2: Splunk Documentation, timechart command.

- (Exam Topic 2)
Using the export function, you can export search results as _________ .( Select all that apply)

1. A. Xml
2. B. Json
3. C. Html
4. D. A php file

Correct Answer: AB
Using the export function, you can export search results as XML or JSON2. The export function allows you to save your search results in a structured format that can be used by other applications or tools2. You can use the output_mode parameter to specify whether you want to export your results as XML or JSON2. Therefore, options A and B are correct, while options C and D are incorrect because they are not formats that you can export your search results as.

- (Exam Topic 2)
which of the following are valid options with the chart command

1. A. useother
2. B. usenull
3. C. fillfield
4. D. usefiled

Correct Answer: AB