SPLK-1002 無料問題集「Splunk Core Certified Power User」

（A）lookup

（B）eval

（C）transaction

（D）stats

（A）Format values

（B）Perform calculations

（C）Use conditional statements

（D）Convert values

（A）Sourcetype=access_* |stats sum(categorylD. by host

（B）Sourcetype=access_* |sum bytes by host

（C）Sourcetype=access_* |stats sum by host

（D）Sourcetype=access_* |sum(bytes) by host

（A）Fields and attributes.

（B）Constraints and fields.

（C）Constraints and lookups.

（D）Fields and variables.

（A）Event Types

（B）Tags

（C）Groups

（D）Macros

（A）To define how events flow from forwarders to indexes.

（B）To use field values to perform a secondary search.

（C）To retrieve information from an external resource.

（D）To send field values to an external resource.

（A）firstevent

（B）startswith

（C）startingwith

（D）with

（A）Output fields for a lookup

（B）Tags

（C）Fields generated from a search string

（D）Extracted fields

（A）Product, count: addtocart, count: remove, count: purchase, sum: addtocart, sum: remove, sum: purchase

（B）Count: product, sum: product, count: action, sum: action

（C）Product, sum: addtocart, sum: remove, sum: purchase, count: addtocart, count: remove, count: purchase

（D）The chart command does not allow for multiple statistical functions.

（A）timechart list(sales), values(product_name)

（B）stats sum(price) as sales over product_name

（C）chart sum(price) as sales by product_name

（D）chart sales by product_name

（A）Remove fields from results.

（B）Group transactions by one or more fields.

（C）Create or replace an existing field.

（D）Save SPL commands to be reused in other searches.

（A）Normalizing data across a Splunk deployment.

（B）Algorithmically shifting events to other indexes.

（C）Reingesting previously indexed data with new field names.

（D）Providing templates for reports and dashboards.

（A）deleted

（B）skipped or deferred

（C）automatically accelerated

（D）all of the above

（A）The CIM is a data exchange initiative between software vendors.

（B）The CIM defines an ecosystem of apps that can be fully supported by Splunk.

（C）The CIM provides a methodology to normalize data from different sources and source types.

（D）The CIM is a prerequisite that any data source must meet to be successfully onboarded into Splunk.

（A）When the search string needs to be used in future searches.

（B）When a search needs to be added to other users' dashboards.

（C）When a search should always include the same time range.

（D）When formatting needs to be included with the search string.