Amazon
Avaya
Checkpoint
Cisco®
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL®
Juniper
Microsoft
MuleSoft
Okta
Palo Alto Networks
Salesforce
SAP
All Vendors
  1. Home
  2. Splunk®
  3. SPLK-1002

Splunk® SPLK-1002 Exam (page: 1)
Splunk® Core Certified Power User
Updated on: 11-Aug-2025

Viewing Page 1 of 43
SPLK-1002 PDF 210 Questions

Which one of the following statements about the search command is true?

  1. It does not allow the use of wildcards.
  2. It treats field values in a case-sensitive manner.
  3. It can only be used at the beginning of the search pipeline.
  4. It behaves exactly like search strings before the first pipe.

Answer(s): D


Reference:

https://docs.splunk.com/Documentation/SplunkCloud/8.0.2003/Search/Usethesearchcommand



Which of the following actions can the eval command perform?

  1. Remove fields from results.
  2. Create or replace an existing field.
  3. Group transactions by one or more fields.
  4. Save SPL commands to be reused in other searches.

Answer(s): B



When can a pipe follow a macro?

  1. A pipe may always follow a macro.
  2. The current user must own the macro.
  3. The macro must be defined in the current app.
  4. Only when sharing is set to global for the macro.

Answer(s): A



Data models are composed of one or more of which of the following datasets? (Choose all that apply.)

  1. Events datasets
  2. Search datasets
  3. Transaction datasets
  4. Any child of event, transaction, and search datasets

Answer(s): A,B,C


Reference:

https://docs.splunk.com/Documentation/Splunk/8.0.3/Knowledge/Aboutdatamodels



When using the Field Extractor (FX), which of the following delimiters will work? (Choose all that apply.)

  1. Tabs
  2. Pipes
  3. Colons
  4. Spaces

Answer(s): A,B



Viewing Page 1 of 43



Share your comments for Splunk® SPLK-1002 exam with other users:

Irfan 11/25/2023 1:26:00 AM

very nice content
Anonymous