Splunk® SPLK-1002 Exam (page: 5)
Splunk® Core Certified Power User
Updated on: 25-Dec-2025

Viewing Page 5 of 43

When performing a regular expression (regex) field extraction using the Field Extractor (FX), what happens when the require option is used?

  A. The regex can no longer be edited.
  B. The field being extracted will be required for all future events.
  C. The events without the required field will not display in searches.
  D. Only events with the required string will be included in the extraction.

Answer(s): D



When using | timechart by host, which field is represented in the x-axis?

  A. date
  B. host
  C. time
  D. _time

Answer(s): D




Which of the following is the correct way to use the datamodel command to search fields in the Web data model within the Web dataset?

  A. | datamodel Web Web search | fields Web*
  B. | search datamodel Web Web | fields Web*
  C. | datamodel Web Web fields | search Web*
  D. datamodel=Web | search Web | fields Web*

Answer(s): A



Which of the following statements describe the command below? (Choose all that apply.)
sourcetype=access_combined | transaction JSESSIONID

  A. An additional field named maxspan is created.
  B. An additional field named duration is created.
  C. An additional field named eventcount is created.
  D. Events with the same JSESSIONID will be grouped together into a single event.

Answer(s): B,C,D



Which of the following searches will return events containing a tag named Privileged?

  A. tag=Priv
  B. tag=Priv*
  C. tag=priv*
  D. tag=privileged

Answer(s): B


Reference:

https://docs.splunk.com/Documentation/PCI/4.1.0/Install/PrivilegedUserActivity





