Which of the following statements describe the Common Information Model (CIM)?
Which of the following statements describe the Common Information Model (CIM)? (Choose all that apply.) A. CIM is a methodology for normalizing data. B. CIM can correlate data from different sources. C. The Knowledge Manager uses the CIM to create knowledge objects. D. CIM is an app that can coexist with other apps on a […]
By default, how is acceleration configured in the Splunk Common Information Model (CIM) add-on?
By default, how is acceleration configured in the Splunk Common Information Model (CIM) add-on? A. Turned off. B. Turned on. C. Determined automatically based on the sourcetype. D. Determined automatically based on the data source.
Which of the following statements would help a user choose between the transaction and stats commands?
Which of the following statements would help a user choose between the transaction and stats commands? A. stats can only group events using IP addresses. B. The transaction command is faster and more efficient. C. There is a 1000 event limitation with the transaction command. D. Use stats when the events need to be viewed […]
Which option automatically identifies the data type, source type, and sample event?
There are several ways to access the field extractor. Which option automatically identifies the data type, source type, and sample event? A. Event Actions > Extract Fields B. Fields sidebar > Extract New Fields C. Settings > Field Extractions > New Field Extraction D. Settings > Field Extractions > Open Field Extractor Reference: https://docs.splunk.com/Documentation/Splunk/8.0.4/Knowledge/Managesearch-timefieldextractions
Based on the macro definition shown below, what is the correct way to execute the macro in a search string?
Based on the macro definition shown below, what is the correct way to execute the macro in a search string? A. “convert_sales(euro,€,.79)” B. ‘convert_sales(euro,€,.79)’ C. “convert_sales($euro$,$€$,$.79$)” D. ‘convert_sales($euro$,$€$,$.79$)’ Reference: https://docs.splunk.com/Documentation/Splunk/8.0.3/Knowledge/Usesearchmacros
When multiple event types with different color values are assigned to the same event, what determines the color displayed for the event?
When multiple event types with different color values are assigned to the same event, what determines the color displayed for the event? A. Rank B. Weight C. Priority D. Precedence Reference: https://docs.splunk.com/Documentation/SplunkCloud/8.0.2003/Knowledge/Defineeventtypes
Which group of users would most likely use pivots?
Which group of users would most likely use pivots? A. Users B. Architects C. Administrators D. Knowledge Managers Reference: https://docs.splunk.com/Documentation/Splunk/8.0.3/Pivot/IntroductiontoPivot
When using the Field Extractor (FX), which of the following delimiters will work?
When using the Field Extractor (FX), which of the following delimiters will work? (Choose all that apply.) A. Tabs B. Pipes C. Colons D. Spaces Reference: https://docs.splunk.com/Documentation/Splunk/8.0.3/Knowledge/FXSelectMethodstep
Data models are composed of one or more of which of the following datasets?
Data models are composed of one or more of which of the following datasets? (Choose all that apply.) A. Events datasets B. Search datasets C. Transaction datasets D. Any child of event, transaction, and search datasets Reference: https://docs.splunk.com/Documentation/Splunk/8.0.3/Knowledge/Aboutdatamodels
When can a pipe follow a macro?
When can a pipe follow a macro? A. A pipe may always follow a macro. B. The current user must own the macro. C. The macro must be defined in the current app. D. Only when sharing is set to global for the macro.