SPLK-1002 Free Practice Test

- (Exam Topic 2)
This clause is used to group the output of a stats command by a specific name.

1. A. Rex
2. B. As
3. C. List
4. D. By

Correct Answer: B

- (Exam Topic 2)
Field aliases are used to _______ data

1. A. clean
2. B. transform
3. C. calculate
4. D. normalize

Correct Answer: D

- (Exam Topic 2)
If a search returns _______ it can be viewed as a chart.

1. A. timestamps
2. B. statistics
3. C. events
4. D. keywords

Correct Answer: B
If a search returns statistics, it can be viewed as a chart2. Statistics are tabular data that show the relationship between two or more fields2. You can create statistics by using commands such as stats, chart or timechart2. You can view statistics as a chart by selecting the Visualization tab in the Search app and choosing a chart type such as column, line or pie2. Therefore, option B is correct, while options A, C and D are incorrect because they are not types of data that can be viewed as a chart.

- (Exam Topic 2)
When creating a data model, which root dataset requires at least one constraint?

1. A. Root transaction dataset
2. B. Root event dataset
3. C. Root child dataset
4. D. Root search dataset

Correct Answer: B
The correct answer is B. Root event dataset. This is because root event datasets are defined by a constraint that filters out events that are not relevant to the dataset. A constraint for a root event dataset is a simple search that returns a fairly wide range of data, such as sourcetype=access_combined. Without a constraint, a root event dataset would include all the events in the index, which is not useful for data modeling. You can learn more about how to design data models and add root event datasets from the Splunk documentation1. The other options are incorrect because root transaction datasets and root search datasets have different ways of defining their datasets, such as transaction definitions or complex searches, and root child datasets are not a valid type of root dataset.

- (Exam Topic 1)
When multiple event types with different color values are assigned to the same event, what determines the color displayed for the events?

1. A. Rank
2. B. Weight
3. C. Priority
4. D. Precedence

Correct Answer: C
Reference: https://docs.splunk.com/Documentation/SplunkCloud/8.0.2003/Knowledge/Defineeventtypes When multiple event types with different color values are assigned to the same event, the color displayed for the events is determined by the priority of the event types. The priority is a numerical value that indicates how important an event type is. The higher the priority, the more important the event type. The event type with the highest priority will determine the color of the event.