Splunk® SPLK-1002 Exam (page: 2)
Splunk® Core Certified Power User
Updated on: 25-Dec-2025

Viewing Page 2 of 43

Which group of users would most likely use pivots?

  1. Users
  2. Architects
  3. Administrators
  4. Knowledge Managers

Answer(s): A



When multiple event types with different color values are assigned to the same event, what determines the color displayed for the event?

  1. Rank
  2. Weight
  3. Priority
  4. Precedence

Answer(s): C


Reference:

https://docs.splunk.com/Documentation/SplunkCloud/8.0.2003/Knowledge/Defineeventtypes



Based on the macro definition shown below, what is the correct way to execute the macro in a search string?

  1. "convert_sales(euro,€,.79)"
  2. 'convert_sales(euro,€,.79)'
  3. "convert_sales($euro$,$€$,$.79$)"
  4. 'convert_sales($euro$,$€$,$.79$)'

Answer(s): B


Reference:

https://docs.splunk.com/Documentation/Splunk/8.0.3/Knowledge/Usesearchmacros



There are several ways to access the field extractor.
Which option automatically identifies the data type, source type, and sample event?

  1. Event Actions > Extract Fields
  2. Fields sidebar > Extract New Fields
  3. Settings > Field Extractions > New Field Extraction
  4. Settings > Field Extractions > Open Field Extractor

Answer(s): A


Reference:

https://docs.splunk.com/Documentation/Splunk/8.0.4/Knowledge/Managesearch-timefieldextractions



Which of the following statements would help a user choose between the transaction and stats commands?

  1. stats can only group events using IP addresses.
  2. The transaction command is faster and more efficient.
  3. There is a 1000 event limitation with the transaction command.
  4. Use stats when the events need to be viewed as a single correlated event.

Answer(s): C


Reference:

https://docs.splunk.com/Documentation/Splunk/8.0.3/SearchReference/Transaction





