Splunk® SPLK-1002 Exam (page: 7)
Splunk® Core Certified Power User
Updated on: 25-Dec-2025

Viewing Page 7 of 43

Information needed to create a GET workflow action includes which of the following? (Choose all that apply.)

  A. A name for the workflow action.
  B. A URI where the user will be directed at search time.
  C. A label that will appear in the Event Action menu at search time.
  D. A name for the URI where the user will be directed at search time.

Answer(s): A,B,C


Reference:

https://docs.splunk.com/Documentation/Splunk/8.0.3/Knowledge/SetupaGETworkflowaction



Which of the following can be used with the eval command tostring function? (Choose all that apply.)

  A. "hex"
  B. "commas"
  C. "decimal"
  D. "duration"

Answer(s): A,B,D



Which of the following searches show a valid use of a macro? (Choose all that apply.)

  A. index=main source=mySource oldField=* | `makeMyField(oldField)` | table _time newField
  B. index=main source=mySource oldField=* | stats if(`makeMyField(oldField)`) | table _time newField
  C. index=main source=mySource oldField=* | eval newField=`makeMyField(oldField)` | table _time newField
  D. index=main source=mySource oldField=* | "`newField(`makeMyField(oldField)`)`" | table _time newField

Answer(s): A,C



A user wants to convert numeric field values to strings and also to sort on those values. Which command should be used first, the eval or the sort?

  A. It doesn't matter whether eval or sort is used first.
  B. Convert the numeric to a string with eval first, then sort.
  C. Use sort first, then convert the numeric to a string with eval.
  D. You cannot use the sort command and the eval command on the same field.

Answer(s): C



Which Knowledge Object does the Splunk Common Information Model (CIM) use to normalize data, in addition to field aliases, event types, and tags?

  A. Macros
  B. Lookups
  C. Workflow actions
  D. Field extractions

Answer(s): B,D


Reference:

https://docs.splunk.com/Documentation/CIM/4.15.0/User/UsetheCIMtonormalizedataatsearchtime


