Amazon
Avaya
Checkpoint
Cisco®
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL®
Juniper
Microsoft
Okta
Palo Alto Networks
Salesforce
All Vendors
  1. Home
  2. Splunk®
  3. SPLK-1002

Splunk® SPLK-1002 Exam (page: 4)
Splunk® Core Certified Power User
Updated on: 25-Dec-2025

Viewing Page 4 of 43
SPLK-1002 PDF 210 Questions

A data model consists of which three types of datasets?

  1. Constraint, field, value.
  2. Events, searches, transactions.
  3. Field extraction, regex, delimited.
  4. Transaction, session ID, metadata.

Answer(s): B


Reference:

https://docs.splunk.com/Splexicon:Datamodeldataset



Where are the results of eval commands stored?

  1. In a field.
  2. In an index.
  3. In a KV Store.
  4. In a database.

Answer(s): A


Reference:

https://docs.splunk.com/Documentation/Splunk/8.0.4/SearchReference/Eval



Which of the following statements describe calculated fields? (Choose all that apply.)

  1. Calculated fields can be used in the search bar.
  2. Calculated fields can be based on an extracted field.
  3. Calculated fields can only be applied to host and sourcetype.
  4. Calculated fields are shortcuts for performing calculations using the eval command.

Answer(s): A,B,D


Reference:

https://docs.splunk.com/Documentation/Splunk/8.0.3/Knowledge/definecalcfields



Calculated fields can be based on which of the following?

  1. Tags
  2. Extracted fields
  3. Output fields for a lookup
  4. Fields generated from a search string

Answer(s): B


Reference:

https://docs.splunk.com/Documentation/Splunk/8.0.3/Knowledge/definecalcfields



When should transaction be used?

  1. Only in a large distributed Splunk environment.
  2. When calculating results from one or more fields.
  3. When event grouping is based on start/end values.
  4. When grouping events results in over 1000 events in each group.

Answer(s): C



Viewing Page 4 of 43



Share your comments for Splunk® SPLK-1002 exam with other users:

Irfan 11/25/2023 1:26:00 AM

very nice content
Anonymous